06-08-2006 11:07 PM - edited 02-21-2020 02:27 PM
Hi All,
I have a 2821 router that has multiple circuits over different carriers. I want to setup a IPsec VPN from the 2821 to a PIX515. Is is possible to load balance the VPN over both circuits? Have you experienced this before? It seems that CEF per-packet would accomplish this, but I am not sure if performance would take a hit.
Thanks,
Lee
06-15-2006 07:40 AM
I am not sure if IPSec can be load balanced like that. How will the out-of-sequence packets be reassenbled at the gateway end? I know there is a sequence number in the ESP header, but that is used for replay detection. Not sure they can be used here. Any thoughts?
06-15-2006 07:56 AM
I believe that I remember a conversation with a TAC engineer when I was looking at some problems with a VPN connection in which he said that out of order packets are a problem with ESP.
HTH
Rick
06-15-2006 10:52 PM
Thanks for your responses!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: