Multiple Webservers on LAN
-
Hey everyone!
In my ongoing project to switch our medical facility over to redundant pfSense firewalls, I am running into another snag that I need a little clarification on. I am running in a Multi-WAN + CARP Failover environment. I will also have multiple IPsec connections coming into the firewalls. My two questions are these:
- Will my load balancer for the multi-WAN automatically fail over the IPsec connections? Also, are there any suggestions as to what I can do to avoid having to enter the secondary WAN's shared CARP IP on the other end of my site-to-site VPN when my primary WAN goes offline?
- I have multiple webservers on my LAN. How can I go about allowing outside users to access these? In the past we just put them on their own static IP addresses. But if I were to do that now, wouldn't that defeat the purpose of the CARP failover, since it would no longer function?
Thanks for all the help.
Anthony
-
Anybody?
-
No, IPsec doesn't load balance/fail over with multi-WAN. You'd have to have a tunnel nailed up on each WAN in transport mode, and then have some other method (GRE+OSPF or similar) to route the traffic over the proper WAN. It isn't quite as simple as just sending the IPsec traffic over the other WAN…
-
Just use additional CARP type VIPs on each WAN, then you can do port forwards to the internal addresses from these CARP VIPs.
-