Site-to-site VPN with low-overhead needed (ISP offers very limited access)

Unanswered Question
Jul 31st, 2007


Is someone able to help me out a bit on this one?

I'm trying to design a site-to-site VPN setup, but my knowledge of VPNs in relation to Cisco equipment limits me a bit.

What I would like to create is a link between two sites (one mobile Cisco router and one in a datacenter). I need the traffic on the link to be shaped (let's say 3 priority levels), so QoS on both upstream and downstream.

The mobile router can use a number of different connections, which at least should allow "normal" internet traffic (port 443 and 80) and might traverse through a NAT router. Furthermore, it's not possible to say what the link speed is; it could be 64Kb/s or 2Mb/s (and when established it might even fluctuate a bit).

What are my options to have two-way QoS on that link? I thought of using SSL VPN:

- it does not have that much overhead (even works on "slow" links?)

- uses standard port 80 and 443 (no problem with firewalls and routers?)

- tunneling of all data (the mobile user can use any port/application without the current ISP possibly blocking it?)

The only thing is I cannot find anything on site-to-site SSL tunnels; they all seem to be using a web client or the Cisco client.

Can such an idea be realised, and if yes, can it be done with SSL? I planned on using a 3800-series as colocated router and some 2800-series as mobile router.

Thanks in advance for any idea!

Kim Jansen

vanbergehenegouwen Mon, 08/06/2007 - 06:05


Is anyone able to judge if the above can be done, or am I requiring too much of the current technology?

It shouldn't be that kind of a problem I think?

Thanks, Kim

