Advise needed for vpn site to site backup links

Unanswered Question
Feb 2nd, 2009
User Badges:

Hi All

Just a quick question I have 12 remote sites that connect to the head site

to access core servers etc. each remote site has a ADSL link to access

alternative services but the ADSL link is also used to connect to the main

link via VPN in the event that the main link is down, each remote site has a

cisco 1811 connected to the ADSL to establish the site to site vpn link ,

whilst the main site has a cisco 2600 xm with advsecurity IOS and a VPN

module installed and is connected over the corporate 12Mbps (12Mbps up/down)

Internet link and is configured to establish VPN tunnels to any of the

remote 12 sites in the event of a link outage.

What happened recently was that the main link went down and all 12 sites

tried to establish vpn links to the main site 2600 xm router simultaneously.

Even though the VPN links for all sites wee established, the CPU

ultilization on the 2600xm was constantly at 99% and packets were being

dropped, only when I dropped some of the vpn links did the ultilisation


What I am asking is that what can I do in the future for backup via vpn,

should I share the load at the main site with another router beisdes the

2600xm or should I look at a more powerful router or firewall to do be the

VPN server. I have a PIX 506 that may be available.

What do you guys think

Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sbilgi Fri, 02/06/2009 - 13:26
User Badges:
  • Silver, 250 points or more

It should be possible providing you have OSPF setup to route the traffic should a link go down. As long as you have both external IPs in the remote crypto map, the site to site VPN should be fine


This Discussion