Hi! I've set up a router with two ISP connections. One connection is through Ethernet and the other is over a multilink ppp interface. Since the IPs on the multilink ppp interface are private, I put the public IPs on a vlan interface. So the outbound interface is not the same interface as the interface with the public IPs for the second ISP.
I've been load balancing outbound traffic by using a route-map, and I set up a route-map as the ip local policy in order to be able to reach the router from both ISPs.
I can set up easyvpn using the GUI wizard on the ethernet connection no problem (with the first ISP). When I set up easyvpn on the second isp (the multilink ppp one), then I get connected, can do ICMP pings but nothing else, no telnet, no traceroute (udp) and no traffic to internal hosts.
I've removed all access-lists, route-maps and I've re-written the easyvpn config several times. I discovered that if I set up the ISAKMP profile for the second (multilink) ISP like this:
crypto isakmp profile sdm-ike-profile-3
match identity group AdminsVPN2
client authentication list sdm_vpn_xauth_ml_6
isakmp authorization list sdm_vpn_group_ml_4
client configuration address respond
It would help since easyvpn would not try to originate VPN traffic from the multilink interface.
I'm running enhanced easyvpn, thus I'm not using any crypto maps.. I got a similar config to work using crypto maps using:
crypto map SDM_CMAP_2 local-address Loopback0
But I wanted to get the same accomplished on the enhanced EasyVPN, but I can't seem to find the equivalent.
I haven't found any info regarding EasyVPN on a multihomed router, I'd really appreciate some links or some tips!
Can anyone shed some light on the subject?
I'm kinda stumped here.
thanks in advance for taking the time to read this!