Some VPN scenarios require that a given group of VPN tunnels of a device terminates on, or establishes to, a common VPN gateway. This is necessary, for example, where VPN tunnels are configured on a cluster of load balancers and VPN tunnels use the alternative gateway list and maybe even different paths or outbound Internet connections (DSL, LTE, Ethernet) to reach the destination.
A VPN load balancer requires that the various VPN tunnels always terminate on a common VPN gateway.
IKEv2 tunnel groups is a feature that ensures that all VPN tunnels in a group always terminate on a common VPN gateway. The first VPN tunnel to be established in a group determines the common VPN gateway, and the VPN remote gateways for all of the other members of the tunnel group are transferred to this destination. Usually, this is the VPN tunnel that is established the fastest. The selection of a gateway is only performed again if all tunnel group members are unable to reach the gateway.
The function of the IKEv2 tunnel groups can basically be used independently of a load balancer.
In LANconfig, navigate through the configuration to Additional parameters, configure the Tunnel groups.
and, in the section- Group name
- Unique name for the tunnel group.
- Peer 1-4
- The name of each remote site of the IKEv2 VPN tunnel terminating in the tunnel group.