Change VPN link modes in policy-based VPNs

The mode of a VPN link determines how the link is used for VPN traffic.

You can select the Mode in which End-Point<->End-Point tunnels are used if there are multiple links between two Gateways (Multi-Link configuration). The Mode you select is the default mode for the link.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to Policy-Based VPNs.
  3. Right-click the Policy-Based VPN element, then select Edit <element name>.
  4. On the Tunnels tab, select a tunnel on the Gateway<->Gateway list.
    The links between the gateways are displayed in the End-Point<->End-Point list.
  5. Right-click the Mode column for a link on the End-Point<->End-Point list, then select Edit Mode.
  6. Configure the settings.
  7. Click OK.

Link Mode Properties dialog box

Use this dialog box to configure the link mode for a VPN.

Option Definition
Mode The link’s Mode setting overrides the Mode defined in the endpoint properties.
Note: The Active and the Aggregate modes are mutually exclusive. All VPN endpoints and the links between two gateways must be either in Active and Standby modes or in Aggregate and Standby modes.
Select one of these options:
  • <option (default)> — The mode is automatically calculated based on the Mode selected for the endpoints. If the endpoints’ Mode changes, the link’s Mode is automatically updated. The (default) mode is calculated in the following way:
    • If both endpoints are in Active mode, the link’s Mode is Active.
    • If both endpoints are in Aggregate mode, the link’s Mode is Aggregate.
    • If one of the endpoints is in Standby mode, the link’s mode is Standby.
  • Active — The link is always used. If there are multiple links in Active mode between the Gateways, the VPN traffic is load-balanced between the links based on the links’ load. This means that VPN traffic is directed to the link that has the lowest load.
  • Aggregate — The link is always used, and each VPN connection is load-balanced in round-robin fashion between all the links that are in the Aggregate mode. For example, if there are two links in Aggregate mode, a new VPN connection is directed to both links.
  • Standby — The link is used only when all Active or Aggregate mode links are unusable.
QoS Exceptions Allows you to specify the link Mode depending on the QoS class of the traffic that is directed to the link.
Note: Each QoS Exception definition is link-specific. If you want to direct traffic that has a particular QoS Class to more than one link in a Multi-Link VPN configuration, define a QoS Exception for each link.
Click Add to add a row to the table, or Remove to remove the selected row.
QoS Class The QoS class of traffic directed to the link.
Mode The mode for the link when traffic of the selected QoS class is directed to the link.