Can anyone give me some configuration advice on the best protocol/config to use for the following setup?
I've got a remote office running with a private subnet and a Cisco 1841 router that has 2 ADSL cards installed. Both ADSL cards create a dialer interface with a static IP address and the private subnet NATs behind it. Each interface also connects to a seperate PIX firewall on the private subnet at the head office. This forms two basic ipsec VPN tunnels, by assigning a crypto map on each Dialer interface. As a consequence, no VPN interface is created like you do with some VPN protocols (int Tunnel0 etc). Both PIX firewalls sit on the same subnet as a 3750 router, which is the default router for all HO hosts and servers.
As a rough diagram:
Head office __3750----pix2(192.168.12.238)---(web) ---dialer0 1841
192.168.12.0 |-----pix1(192.168.12.253)---(web)---dialer2 192.168.42.3
What I want to do, is load balance the VPN connections, both both directions, so the 1841 will distribute between its two dialer interfaces and the 3750 will distribute traffic between the two pixes. The system needs to know if a line goes down. Currently I am using static routes of equal value, however if one line dies, 50% of traffic is lost.
OSPF sounded like a good idea, however if I login to pix1 and try to ping 192.168.42.3, it tries to send it via the outside interface and the ISP correctly drops the traffic. As such, I can't form a neighbour relationship over the tunnel.
Is there a better protocol to use, or is there a way to configure a router to talk over its own VPN tunnel.
Any advice appreciated.