Hello All,
Please can you advise which is the best load-balancing type to select, considering I use the Cisco AnyConnect VPN client to connect to my work?
Basically, I've used per-packet and found that when I connect to the Cisco AnyConnect VPN client, internet browsing doesn't work if I've applied restricted security policies from zone LAN to zone WAN. However, internet browsing works fine if the security policies are allow any source, destination, application.
policy-statement load-balancing-policy {
    then {
        load-balance per-packet;
    }
}
static {
    route 0.0.0.0/0 next-hop [ ISP-1 ISP-2 ISP3 ];
}
forwarding-table {
    export load-balancing-policy;
}
FW-01# show security policies from-zone LAN to-zone WAN
policy LAN-TO-WAN {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
        count;
    }
}
If I apply the below policies for http and https traffic, the internet on the client machine does not work once connected to the Cisco AnyConnect VPN client.
policies {
    from-zone LAN to-zone WAN {
        policy Allow-http {
            match {
                source-address any;
                destination-address any;
                application junos-http;
            }
            then {
                permit;
            }
        }
        policy Allow-https {
            match {
                source-address any;
                destination-address any;
                application [ junos-https udp_https ];
            }
            then {
                permit;
            }
        }
        policy Allow-ICMP {
            match {
                source-address any;
                destination-address any;
                application [ junos-icmp-all junos-ping junos-icmp-ping ];
            }
            then {
                permit;
            }
        }
    }
}
Please can someone assist: would using consistent-hash solve the problem of not being able to browse when connected to the Cisco AnyConnect client?
Regards,
Z