Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Load Balacing / High Avalabity with Router VPN Site-to-Site

Hi all,

My customer have a router with 3 ISP (each Link is connected in a interface different) and I need configure VPN Site-to-Site with Load Balacing and HA between theses ISP Links, is it possible? Someone can help me with this task?

tks a lot,

Rodrigo Alves

3 REPLIES
Silver

Re: Load Balacing / High Avalabity with Router VPN Site-to-Site

Very easy. You use "loopback" interface on the router as your VPN termination endpoint. That will allow load-balancing and HA, assuming you use other routing protocols such as OSPF or eBGP multihop load balancing/sharing.

New Member

Re: Load Balacing / High Avalabity with Router VPN Site-to-Site

Hello,

But in this topology I dont will use any routing protocol, only static routing. I attach for this message my network topology.

Do I need to configure 3 VPN L2L for each Service provider? (see attched topology, please).

Someone can help me or send me any documentation?

New Member

Re: Load Balacing / High Avalabity with Router VPN Site-to-Site

Well you dont use dynamic routing protocols so far, but you sould if you want the best and easyest way to do that.

No you wont need 3 vpn l2l for each ISP. You will need one vpn l2l for each ISP, so you can load balance between them and if some goes off the routing protocol automaticly stop sending traffic through this one.

little sample

Router 1

fa0/0

200.0.0.1

crypto map mymap

Fa0/1

10.0.0.1

route 0.0.0.0 0.0.0.0 200.0.0.2

loopback 10

192.168.1.1

tunnel source fa0/1

tunnel destination 11.0.0.1

access-list crypto_acl permit ip host 10.0.0.1 host 11.0.0.1

crypto-map mymap 10 set peer 200.10.10.10

crypto-map mymap 10 match crypto_acl

Router 2

fa0/0

200.10.10.10

crypto map mymap

Fa0/1

11.0.0.1

route 0.0.0.0 0.0.0.0 200.10.10.11

loopback 10

192.168.1.2

tunnel source fa0/1

tunnel destination 10.0.0.1

access-list crypto_acl permit ip host 11.0.0.1 host 10.0.0.1

crypto-map mymap 10 set peer 200.0.0.1

crypto-map mymap 10 match c

131
Views
3
Helpful
3
Replies
CreatePlease login to create content