Load balance 2 xDSL VPN from 2821 to PIX515e ?

Unanswered Question
Jul 24th, 2007

I have a PIX515e terminating IPSEC tunnels from what is usually Draytek Vigor routers. I have a requirement to load balance across 2 (or more) ADSL circuits and I have a 2821 router available for the remote end. My question is, is it possible to load balance across these 2 circuits ? would this involve establishing 2 seperate tunnels with the PIX ? I have seen enough to suggest that load balancing across the circuits on a 2821 may be possible, but I am not sure whether the PIX can do this ? and if so, how ? Any suggestions ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smalkeric Mon, 07/30/2007 - 09:14

In addition to being an excellent primary WAN link, the cable HWICs are well suited for used as a secondary WAN link for businesses of all sizes. This secondary link can be used to offload Web traffic directly to the Internet, provide a redundant option for a primary link in case of failure, or provide load balancing with a xDSL or other type of WAN link.

Increasingly, Internet connectivity is crucial to a branch or small business employee's productivity. However, as more streaming media and rich content is placed on the Web, the WAN bandwidth requirements to provide this connectivity continue to grow. In the case of a branch office, as shown in Figure 2, using Policy-Based Routing, all HTTP (Port 80) traffic can be diverted from a primary low-bandwidth link to the DOCSIS link to minimize the amount of traffic being routed back to corporate headquarters. The ISRs can optionally provide end-to-end security with advanced firewall, intrusion prevention, and URL filtering capabilities to help ensure security and proper usage of the Internet.

ajenks Wed, 08/01/2007 - 04:57

Thanks. This text seems to refer mainly to using the xDSL circuit for plain internet access. I am referring to a VPN connection. My main point being, if you have say 4 xDSL circuits each with a seperate public IP address, how can you use these to achieve a single VPN tunnel to a PIX so traffic is load balance across those links. Currently I can only see a way of creating 4 sperate VPN tunnels (one for each circuit) and having to route specific traffic across each tunnnel rather than any sort of pooling / load balancing.


This Discussion