Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN spanned over two WAN connections on Cisco ASA?

Hello,

I have a quick question for you guys, as I'm not too sure if you can do this.

Basically, we are connecting two offices together and need higher bandwidth between the sites over VPN. The main site has a leased line and the remote site has an SDSL connection with a secondary ADSL line with a different provider, set in failover mode.

There is a Cisco ASA 5520 at main branch and 5510 at remote, with a site-to-site VPN between sites.  Is it possible to use the failover line to increase our bandwidth over the site-to-site VPN? What I mean by this, is create a VPN link combined over the two WANs?

Draytek have a feature on their 2930 series that allows you to do this called VPN Trunk/Bonding. I was wondering if this is possible on the Cisco ASA? If not, is there anyway I could achive this with any additional hardware? I don't want to use the Draytek for the mainsite, obviously because the load would probably kill it but I'm not against using this at the remote site infront of the ASA.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

VPN spanned over two WAN connections on Cisco ASA?

There's no ASA feature that does what you're asking, AFAIK.

Depending on your traffic profile, you might be able to hack a solution by creating two site-site VPNs (one via SDSL and the oher via the ADSL) and applying the cryptomap for some traffic to the one and the rest of the traffic to the other one.

6 REPLIES
Hall of Fame Super Silver

VPN spanned over two WAN connections on Cisco ASA?

There's no ASA feature that does what you're asking, AFAIK.

Depending on your traffic profile, you might be able to hack a solution by creating two site-site VPNs (one via SDSL and the oher via the ADSL) and applying the cryptomap for some traffic to the one and the rest of the traffic to the other one.

New Member

VPN spanned over two WAN connections on Cisco ASA?

Thats what I thought, the only way I can see it working is if I got the draytek to create the tunnels and then have the ASA sit behind it as a firewall. Not sure if the Draytek requires another Draytek on the other site though.

Thanks for confirming this. Shame the ASA's don't support a little more really, one of the other things I miss for a smaller office is the DNS proxy/cache which can be found on IOS devices.

New Member

Hi Marvin,

Hi Marvin,

Is it possible to use ECMP for this?

Regards

Vaibhav

Hall of Fame Super Silver

Nice thought but ECMP is not

Nice thought but ECMP is not spported across multiple interfaces.

Source:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html

New Member

Hi Marvin,

Hi Marvin,

I just read somewhere 

Starting with Asa 9.3.2 Asa supports 8 ecmp routes over multiple interfaces using zones

Hall of Fame Super Silver

Good catch - you might be

Good catch - you might be able to get that to work.

Let us know how it works out if you get an opportunity to try it.

746
Views
0
Helpful
6
Replies