2811 Router - Dual ISP using OER?

jfinley · ‎04-15-2007

Is it possible to use DUAL ISP's for load-balancing a LAN to LAN IPSEC using OER? The other side of the VPN is a Cisco PIX 515. I do not see hardly any documentation out there and don't have the equipment to test....

spremkumar · ‎04-16-2007

Hi

Do confirm whether you have 2 ISPs on both the sides ?

Also i may look at an option of dedicating one link for VPN and the other for various other applications.

By doing so your vpn traffic wont get affected or the vpn link dont get chocked by other traffic.

You also need to take care of the redundancy part where in when the vpn link goes down you should have your routes/vpn traffic to be forwarded onto the secondary link..

routing part you can achieve with static floating routes and make sure that you have crypto done on both the interfaces connecting to the outside world..

regds

jfinley · ‎04-16-2007

I have 1 ISP on one side where the PIX resides. I thought of make two separate tunnels using practically the same ACL's as the 1st working IPSEC tunnel. Would this work? or cause a conflict.....This is why I wish Cisco would release their IOS in a virtual way to test these configurations.

stefan.jones · ‎04-17-2007

Someday we'll see Virtual Tunnel Interfaces on the security platforms. Then DMVPN would be all you have to set up.

PIX 7 supports redundancy on a vpn group. I would guess it would work with IOS, though I've never tried. Plus if your IOS is new enough, it can be an EasyVPN server on both WAN connections.

There's an IOS emulator for the 3600 and 7200 series that works great. You just need legitimate access to the IOS image.

http://dynagen.org/index.html