50 and 51 there are protocol identifiers not port numbers. They are not tcp and not udp they are different transport layer protocols (the same layer resides tcp and udp). Protocol 50 is protocol ESP (Encapsulating Security Payload), protocol 51 is AH (Authentication Header). https://en.m.wikipedia.org/wiki/List_of_IP_protocol_numbersYou might be interested following articles:http://www.linuxvirtualserver.org/software/ipvs.htmlhttps://wiki.strongswan.org/projects/strongswan/wiki/HighAvailabilityAnvar Kuchkartaev an...@anvartay.com From: HoumanSent: lunes, 13 de noviembre de 2017 04:19 p.m.To: users@lists.strongswan.orgSubject: [strongSwan] Can StrongSwan be loadbalanced?Hello,I have made quite a bit of research on how to load balance StrongSwan, however, I get contradicting messages.e.g. from my understanding, StrongSwan (IKEv2) works over UDP and not TCP. Hence Aws load balancer is out of the question. But so is HAProxy !!!But I discovered that latest NGINX 1.10+ supports UDP load balancing and it was easy to set it up.I am currently listening to ports 500 and 4500 and it doesn't quite work. I have raised an issue here: https://wiki.strongswan.org/issues/2464Do I need to listen to port 50 and 51 as well?Any tips or advice for me, please?Many Thanks,Houman
