I need to load balance IPSEC with GRE over multiple T1s. My current solution is to use two routers, one to hold the physical T1s and the other to form a single SA back to the home router. If I use one router, the traffic does not load balance over the multiple SAs that are formed to the home router. Is there a way to bundle the T1s into a single, virtual interface so that I only use one SA?
IPSec is supported with process and fast switching. To get load balancing with the same DA/SA pair the router must be process switching. If the performance of process switching is enough, then you can do it.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...