Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Recommended hardware for site-2-site connection with dual ISPs on each site


Can anyone give me a hint what hardware and technology has to be used to set up a connection from a central site to a remote site. On both sites there are two different ISPs with different bandwidths and reliability. Therefore loadbalancing should be achieved regarding the tunnels. Other features which are requested are:

- policy based routing for users on central site (group 1 should use ISP one and group 2 should use the other one with fallback if one the ISPs fails)

- terminating of remote access VPNs on the central site (possible on both ISP connections)

- the remote site should have direct internet access by split tunneling

- a DMZ interface for future use on the central site should also be provided

The customer already has a ASA5510 but not configured yet. Can this device be used for the setup in such way?

Any feedback is appreciated.

Kind regards!

New Member

Re: Recommended hardware for site-2-site connection with dual IS

If you are going to add an E3 connection to an ISP, the router recommendation will obviously change to a 7200. There are many options for load balancing methods utilizing BGP for a dual-connectivity setup, so we may want to go through these when the time comes. We can use BGP metrics to force user traffic out a different link than the Web Banking traffic, such as AS path prepending.

New Member

Re: Recommended hardware for site-2-site connection with dual IS

You can use asa's for frontend ipsec tunneling between sites and 2800/3800 series routers for backend gre tunneling.

Asa's can also take care of vpn client access and even firewalling services.

This way you can enjoy the strong security of the asas and the great flexibility of ios.



CreatePlease login to create content