Multi-WAN Load Balancer
1.
==================================================
Interfaces: WAN
Type Static
IP address 192.168.10.2/24
Gateway 192.168.10.1
==================================================
Description OPT1
Type Static
Bridge with none
IP address 192.168.20.2/24
Gateway 192.168.20.1
==================================================
Interfaces: LAN
Bridge with none
IP address 192.168.0.1/24
==================================================
2.
Load Balancer
pools
Name wan1
Type gateway
Behaviour Load Balancing
Interface Name WAN/OPT1
list wan |192.168.10.1
opt1|192.168.20.1
==================================================
3.
Firewall===》rules=====》LAN
Proto  Source   Port  Destination  Port  Gateway  Schedule  Description
*      LAN net  *     *            *     wan1               Default LAN -> any
====================================================================================
ipsec ***
============Step 1====================================================
×××====》ipsec====》======》Tunnels Enable IPsec
Interface WAN LAN
NAT-T Enable NAT Traversal (NAT-T)
Local subnet LAN subnet
Remote subnet 192.168.20.0/24
Remote gateway 192.168.16.191
=============
Phase 1 proposal (Authentication)
Negotiation mode aggressive
Encryption algorithm 3DES
Hash algorithm MD5
DH key group 2
Authentication method Pre-shared key
Pre-Shared Key adminsecert
=============
Phase 2 proposal (SA/Key Exchange)
Protocol ESP
Encryption algorithms 3DES
Hash algorithms MD5
PFS key group off
Lifetime 86400
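
The Phase 1 and Phase 2 values above (aggressive mode with a pre-shared key, 3DES, MD5, DH group 2, PFS off) are weak by current standards. As an added example, not part of the original post or of the firewall's own tooling, this Python check parses a proposal written in the page's "Label value" layout and reports those settings; the rule set and function names are assumptions of the example.

```python
SAMPLE = """\
Phase 1 proposal (Authentication)
Negotiation mode aggressive
Encryption algorithm 3DES
Hash algorithm MD5
DH key group 2
Authentication method Pre-shared key
Phase 2 proposal (SA/Key Exchange)
Encryption algorithms 3DES
Hash algorithms MD5
PFS key group off
"""  # constructed from the proposal values listed above
LABELS = ("Negotiation mode", "Encryption algorithm", "Hash algorithm",
          "DH key group", "Authentication method", "PFS key group")
WEAK = {  # label -> (weak values, reason); this rule set is the example's own
    "Encryption algorithm": ({"des", "3des"}, "64-bit block cipher, prefer AES"),
    "Hash algorithm": ({"md5"}, "MD5 is deprecated, prefer SHA-256 or stronger"),
    "DH key group": ({"1", "2"}, "MODP group of 1024 bits or less, prefer 14+"),
    "PFS key group": ({"off"}, "Phase 2 keys derive from Phase 1 keying material"),
}

def parse(text):
    """Return {phase: {label: value}} from 'Label value' lines."""
    phases, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Phase "):
            current = phases.setdefault(line[:7], {})  # "Phase 1" / "Phase 2"
            continue
        for label in LABELS:
            if current is not None and line.startswith(label):
                # Drop the plural "s" the page uses in Phase 2 labels.
                current[label] = line[len(label):].lstrip("s").strip().lower()
    return phases

def audit(text):
    """Return (phase, label, reason) findings for weak settings."""
    findings = []
    for phase, fields in parse(text).items():
        for label, (weak, reason) in WEAK.items():
            if fields.get(label) in weak:
                findings.append((phase, label, reason))
        # Cross-field check: aggressive mode matters when the peer uses a PSK.
        if (fields.get("Negotiation mode") == "aggressive"
                and fields.get("Authentication method") == "pre-shared key"):
            findings.append((phase, "Negotiation mode", "PSK hash exposed to offline guessing"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
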
============Step 2====================================================
System=====》Static routes
Interface WAN
Destination network 192.168.20.0
Gateway 192.168.10.1
================================================================
SAD
Source          Destination     Protocol  SPI       Enc. alg.  Auth. alg.
192.168.16.190  192.168.16.191  ESP       0cf661b4  3des-cbc   hmac-md5
192.168.16.191  192.168.16.190  ESP       013fdc47  3des-cbc   hmac-md5
================================================================
SPD
Source           Destination      Direction  Protocol  Tunnel endpoints
192.168.20.0/24  192.168.10.0/24             ESP       192.168.16.191 - 192.168.16.190
192.168.10.0/24  192.168.20.0/24             ESP       192.168.16.190 - 192.168.16.191
Reposted from: https://blog.51cto.com/setup/290766