12-21-2003 09:48 AM - edited 02-20-2020 11:10 PM
EIGRP and VPNs.
We have four tunnels. A connects to our internal network. B, C and D connect to a VPN. We want to load balance EIGRP over each of the four paths. How can we do it?
Also, if A fails we want B, C and D to work. If B, C and D fail we ant A to work.
What solution mix could help? Can we consider using variance, offset lists, other? Please send config samples.
Thanks.
Tom
12-29-2003 08:34 AM
You can define multiple remote peers using crypto maps to allow for load sharing. Should a peer fails, there will be an other protected path. If a transmission attempt fails with the first peer, IKE tries the next peer on the crypto list. The crypto map parameters must be compatible with other peers. If you are not sure how to configure the crypto map parameters, use dynamic crypto maps. This is well described at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/ipsec.htm#32276
01-18-2004 09:15 PM
I'm currently running OSPF on some MGRE crypto networks, and there's a fair bit on the Cisco web site about those sort of features. As far as load balancing is concerned, my advice would be to use extreme caution as the delay on the VPN will also be affected by crypto performance as well as all the other normal factors, so if you try per-packet things will probably get nasty.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide