Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPNs

EIGRP and VPNs.

We have four tunnels. A connects to our internal network. B, C and D connect to a VPN. We want to load balance EIGRP over each of the four paths. How can we do it?

Also, if A fails we want B, C and D to work. If B, C and D fail we ant A to work.

What solution mix could help? Can we consider using variance, offset lists, other? Please send config samples.

Thanks.

Tom

perronta@hotmail.com

2 REPLIES
Silver

Re: VPNs

You can define multiple remote peers using crypto maps to allow for load sharing. Should a peer fails, there will be an other protected path. If a transmission attempt fails with the first peer, IKE tries the next peer on the crypto list. The crypto map parameters must be compatible with other peers. If you are not sure how to configure the crypto map parameters, use dynamic crypto maps. This is well described at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/ipsec.htm#32276

New Member

Re: VPNs

I'm currently running OSPF on some MGRE crypto networks, and there's a fair bit on the Cisco web site about those sort of features. As far as load balancing is concerned, my advice would be to use extreme caution as the delay on the VPN will also be affected by crypto performance as well as all the other normal factors, so if you try per-packet things will probably get nasty.

171
Views
0
Helpful
2
Replies
CreatePlease to create content