Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
970
Views
0
Helpful
2
Replies

VPNs

tperron
Level 1
Level 1

‎12-21-2003 09:48 AM - edited ‎02-20-2020 11:10 PM

EIGRP and VPNs.

We have four tunnels. A connects to our internal network. B, C and D connect to a VPN. We want to load balance EIGRP over each of the four paths. How can we do it?

Also, if A fails we want B, C and D to work. If B, C and D fail we ant A to work.

What solution mix could help? Can we consider using variance, offset lists, other? Please send config samples.

Thanks.

Tom

perronta@hotmail.com

0 Helpful
2 Replies 2

smalkeric
Level 6
Level 6

‎12-29-2003 08:34 AM

You can define multiple remote peers using crypto maps to allow for load sharing. Should a peer fails, there will be an other protected path. If a transmission attempt fails with the first peer, IKE tries the next peer on the crypto list. The crypto map parameters must be compatible with other peers. If you are not sure how to configure the crypto map parameters, use dynamic crypto maps. This is well described at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/ipsec.htm#32276

0 Helpful

gmiiller
Level 1
Level 1

‎01-18-2004 09:15 PM

I'm currently running OSPF on some MGRE crypto networks, and there's a fair bit on the Cisco web site about those sort of features. As far as load balancing is concerned, my advice would be to use extreme caution as the delay on the VPN will also be affected by crypto performance as well as all the other normal factors, so if you try per-packet things will probably get nasty.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card