Configuring your Failover Plan to include the Veeam PN appliance
Once you are happy your Veeam PN portal is configured correctly, containing all of your required devices and IP address configurations you can start configuring your Failover Plan.
The appliance will first need to be replicated successfully to your Veeam Cloud Connect Service Provider.
I have found that due to it being a Linux VM, you may encounter the following warnings:
- No static IP addresses detected for VeeamHUB, please specify default gateway settings manually
- One or more source networks possible were mapped to the same cloud network. Simultaneous partial failover of VMs on these networks may cause issues.
Warning number 1 can be ignored going forward. I believe this is a bug with Veeam. If you are happy the IP address is definitely configured to be static, it can be ignored.
Warning number 2 can be cleared by ensuring the default gateway of the appliance is present in your ‘Default Gateways’ section located under (Backup Infrastructure > Service Providers > Select Service Provider > Manage Default Gateways. If you are happy your gateway is present in this list, and if you do not have multiple entries, simplly selecting the ‘Route traffic between these networks’ clears the warning.
Now you are happy your VM is replicated successfully. We can add the Veeam PN appliance into the Failover Plan. The first step is to add the VM in to the list of ‘Virtual Machines’. The delay is once again your choice. I find the appliance can take up to 5 minutes to boot, so I like to set the delay to 0 seconds. This is your choice entirely.
The next step is adding in some additional NAT rules for the Veeam PN to function correctly during a failover.
The first NAT rule will be for the ‘Site-to-Site’ VPN communications. Here you want the Public IP address to NAT to the Veeam PN appliance LAN address on port 1194.
The LAN IP has to be entered manually due to previous WARNING which stated the IP could not be automatically detected.
The second NAT rule will be for the ‘Point-to-Site’ VPN communications. Again, you want to NAT the Public IP address to the internal IP address of the appliance. However, this time on port 6179.
Finally, to allow management of the Veeam PN portal following a failover, you need to add one more NAT rule. In this demonstration, I am using port 6443 to be NAT through to the internal port 443. This means if you want to browse to the portal following a failover, you browse to:
That finalises this section. You simply require 3 additional NAT rules for the VPN following a failover. In the next section, I will quickly show you how to download the config file for each Endpoint and connect to the VPN.
Contact the team today if you’d like any more information or to take advantage of Veeam Cloud Connect on our platform, with a 30-day free trial.