Load Balacing / High Avalabity with Router VPN Site-to-Site

Unanswered Question
Aug 6th, 2009
User Badges:

Hi all,


My customer have a router with 3 ISP (each Link is connected in a interface different) and I need configure VPN Site-to-Site with Load Balacing and HA between theses ISP Links, is it possible? Someone can help me with this task?


tks a lot,


Rodrigo Alves

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
cisco24x7 Thu, 08/06/2009 - 09:03
User Badges:
  • Silver, 250 points or more

Very easy. You use "loopback" interface on the router as your VPN termination endpoint. That will allow load-balancing and HA, assuming you use other routing protocols such as OSPF or eBGP multihop load balancing/sharing.

rodrigo.cisco Thu, 08/06/2009 - 11:27
User Badges:

Hello,


But in this topology I dont will use any routing protocol, only static routing. I attach for this message my network topology.


Do I need to configure 3 VPN L2L for each Service provider? (see attched topology, please).


Someone can help me or send me any documentation?



Attachment: 
goldnetps Tue, 08/11/2009 - 05:08
User Badges:

Well you dont use dynamic routing protocols so far, but you sould if you want the best and easyest way to do that.


No you wont need 3 vpn l2l for each ISP. You will need one vpn l2l for each ISP, so you can load balance between them and if some goes off the routing protocol automaticly stop sending traffic through this one.



little sample



Router 1

fa0/0

200.0.0.1

crypto map mymap


Fa0/1

10.0.0.1


route 0.0.0.0 0.0.0.0 200.0.0.2


loopback 10

192.168.1.1

tunnel source fa0/1

tunnel destination 11.0.0.1


access-list crypto_acl permit ip host 10.0.0.1 host 11.0.0.1


crypto-map mymap 10 set peer 200.10.10.10

crypto-map mymap 10 match crypto_acl




Router 2

fa0/0

200.10.10.10

crypto map mymap


Fa0/1

11.0.0.1


route 0.0.0.0 0.0.0.0 200.10.10.11


loopback 10

192.168.1.2

tunnel source fa0/1

tunnel destination 10.0.0.1


access-list crypto_acl permit ip host 11.0.0.1 host 10.0.0.1


crypto-map mymap 10 set peer 200.0.0.1

crypto-map mymap 10 match c

Actions

This Discussion