Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS11000 Load Balance over two VPN connections?

Is it possible to have a CSS11000 in a local site perform load balancing and fail over to two different destinations on the internet that require a VPN connection. The VPN will be a router to router VPN using 7206s.

Bruce

mailto:bruce.lawrence.williams@verizon.com

4 REPLIES
Cisco Employee

Re: CSS11000 Load Balance over two VPN connections?

Hello Bruce !

CSS is designed to handle TCP- and UDP based traffic, not IPSec. When handling IPSec traffic Content Switching Module (CSM) inside Catalyst 6500 series is recommended for that purpose.

More info:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm/index.htm

- Tomi

New Member

Re: CSS11000 Load Balance over two VPN connections?

Correct me if I'm wrong, but if the VPN tunnel is built between the two 7206s, the IPSEC traffic should not even touch the CSS boxes. They should be oblivious to the fact that there is any IPSEC activity between point A and point B.

Cisco Employee

Re: CSS11000 Load Balance over two VPN connections?

Hello JOSH

Correct. In that case CSS would only see clear text traffic and do load balancing and provide redundancy between different VPN boxes initiating VPN tunnels to Internet. You just have to make certain all packets belonging to the same sesssion get forwarded to same destination, for example sticky based on source IP etc...

- Tomi

New Member

Re: CSS11000 Load Balance over two VPN connections?

It is possible Bruce.

You can create a service in CSS11000 and apply both of your connections into it. You can use then as a load balancing (with failover), or using them as a single connection (with failover).

199
Views
0
Helpful
4
Replies
CreatePlease to create content