Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Advise needed for vpn site to site backup links

Hi All

Just a quick question I have 12 remote sites that connect to the head site

to access core servers etc. each remote site has a ADSL link to access

alternative services but the ADSL link is also used to connect to the main

link via VPN in the event that the main link is down, each remote site has a

cisco 1811 connected to the ADSL to establish the site to site vpn link ,

whilst the main site has a cisco 2600 xm with advsecurity IOS and a VPN

module installed and is connected over the corporate 12Mbps (12Mbps up/down)

Internet link and is configured to establish VPN tunnels to any of the

remote 12 sites in the event of a link outage.

What happened recently was that the main link went down and all 12 sites

tried to establish vpn links to the main site 2600 xm router simultaneously.

Even though the VPN links for all sites wee established, the CPU

ultilization on the 2600xm was constantly at 99% and packets were being

dropped, only when I dropped some of the vpn links did the ultilisation


What I am asking is that what can I do in the future for backup via vpn,

should I share the load at the main site with another router beisdes the

2600xm or should I look at a more powerful router or firewall to do be the

VPN server. I have a PIX 506 that may be available.

What do you guys think

Thanks in advance



Re: Advise needed for vpn site to site backup links

It should be possible providing you have OSPF setup to route the traffic should a link go down. As long as you have both external IPs in the remote crypto map, the site to site VPN should be fine