Load Balancing VPN over multiple lines

Unanswered Question
Jul 3rd, 2009

We currently have 4 unbound ADSL lines (4 seperate public IP addresses), however currently we are forcing VPN traffic to use a particular line as we had problems with load balancing.

The problem is that upload speed is very poor and the connection just grinds to a halt. Ideally I want to get VPN connections to use mutiple lines. This will mean the user will have to have multiple VPN connection. If one is performing poorly then they could try another line. Still not ideal but at least it would be a workable solution if I can get the load balancing working.

Here's the key bits of the config (will post all if required)

.....

ip cef

.....

interface FastEthernet0/0

.....

......

ip nat inside

ip policy route-map Servers

...

ip nat inside source static udp 192.168.1.1 1701 xxx.xxx.xxx.xx1 1701 extendable

ip nat inside source static tcp 192.168.1.1 1723 xxx.xxx.xxx.xx1 1723 extendable

ip nat inside source static udp 192.168.1.1 1701 xxx.xxx.xxx.xx2 1701 extendable

ip nat inside source static tcp 192.168.1.1 1723 xxx.xxx.xxx.xx2 1723 extendable

access-list 6 permit 192.168.1.0 0.0.0.255

access-list 50 permit 192.168.1.1

access-list 50 permit 192.168.1.2

access-list 50 permit 192.168.1.1

access-list 52 permit 192.168.1.1

route-map rmd3 permit 10

match ip address 6

match interface Dialer3

!

route-map rmd2 permit 10

match ip address 6

match interface Dialer2

!

route-map rmd1 permit 10

match ip address 6

match interface Dialer1

!

route-map rmd0 permit 10

match ip address 6

match interface Dialer0

!

route-map Servers permit 10

match ip address 50

set interface Dialer3

!

route-map Servers permit 20

match ip address 52

set interface Dialer1

Half the problem at the moment the VPN server 192.168.1.1 in this case would end up matching two Server route-maps however only would be caught by the first.

In theory without these Server route maps it should work but doesn't seem to.

I'm guessing thats to do with when the response to the VPN connection goes out the interface FastEthernet0/0 it then picks the next line which could be different from the line the incomming VPN connection was made so the packets never get received by the client and therefore cannot connect to the VPN.

Any bright ideas?

TIA,

Lee

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion