How to Configure Load Balance for VPN?
This article explains how to configure the Load Balance rules for VPN. We want PC1 to be able to access the IPTV service (IP address 88.88.88.88, which is a limited service for US IP addresses only) via VPN, while PC2 isn't allowed to pass through VPN to access the IPTV service.
Network diagram
In the diagram, Vigor2850 is the router in our end, while Vigor2820 is in the remote end being using by the ISP in the U.S.
The information of Vigor2820
Settings of Vigor 2850
Before setting, please make sure the VPN tunnel is up. In this example, we name the VPN as "IPTV" in Vigor2850.
Please go to WAN >> Load-Balance Policy to create a profile to allow PC1 accessing the IPTV service via the VPN Profile "IPTV".
a. Choose Binding Interface as "1.IPTV"
b. Set Src IP Start/End as a single IP "192.168.1.10", which is the IP of PC1.
c. Set Dest IP Start/End as a single IP "88.88.88.88", which is the IP of IPTV service.
Applying with the "OK" button, and the load balance rule will be set well. Let us do some tests on PC1 (192.168.1.10) and PC2 (192.168.1.11).
a. Tracert Test on PC1 (192.168.1.10).
In the section of tracert 88.88.88.88 :
i. Hop 1(192.168.1.1) is the LAN IP of Vigor2850.
ii. Hop 2 (192.168.171.1) is the LAN IP of Vigor2820.
iii. Hop 3 (168.95.98.254) is the Gateway IP of Vigor2820.
It means the packets were sent through the VPN tunnel to Vigor 2820 from Vigor2850.
b. Tracert Test on PC2 (192.168.1.11).
In the section of tracert 88.88.88.88 :
i. Hop 1(192.168.1.1) is the LAN IP of Vigor2850.
ii. Hop 2 (60.250.189.254) is the Gateway IP of Vigor 2850.
It means the packets weren't sent through the VPN tunnel to Vigor2820 from Vigor 2850.
