I want to remove an old load balancer from a production site (HQ) and replace it with a MT RB 4100 router. I have found a solution for almost all functions of that old load balancer, but I am not so sure about one of them:
The setup is as follows:
LAN <-> Cisco ASA <-> Load Balancer <-> Cloudserver (vASA)
- The Cisco ASA and the vASA have a working IPSec Site-to-Site tunnel that won't be touched and is working fine
- The Cisco ASA and the Load Balancer are connected via a /30 network
- The Load Balancer has the WAN connections configured, so the ASA is NATed
- The Load Balancer has port forwarding configured to forward UDP 500, UDP 4500 and IP 50 (ESP) from the WAN interface directly to the Cisco ASA
So what's my question after all?
- The Load Balancer has a Service Passthrough feature enabled for IPSec NAT-T. The vendor's manual says "This field is for enabling the support of IPsec NAT-T passthrough. UDP ports 500, 4500, and 10000 are monitored by default."
My question is: how would I configure such a feature on the MT (in case it is needed, which I am not sure of)?
Advice would be much appreciated.