ADSL and FR with VPN

m.salah
Level 1

Dears,

I have two internet links: one is an ADSL connection provided on the Ethernet of the router (1841) and the other is a Frame-Relay link (1MB) provided on a serial interface of the same router. Both have a common public IP address (/28).

I need to load balance across them using a Nortel VPN as the gateway of the company (using only one tunnel).

Appreciate the early reply.

17 Replies

jackyoung
Level 6

If the VPN gateway is behind the 1841 (i.e. between the 1841 and the internal network), you can use two static routes to carry the load-sharing.

However, you have to clarify the performance and bandwidth of the two links. Otherwise, there may be a problem in the tunnel w/ different packet ordering.

Moreover, you may consider using per-packet load-sharing instead of per-destination; otherwise, the traffic may be running on one link only.

Because the VPN tunnel is carried outside the router, you have to compare the performance of the tunnel in the one-link and two-link cases. If one link is better than two links, you may consider resiliency instead of load-sharing. When configuring resiliency, you can consider using a floating static w/ object tracking to prevent the "ADSL WAN down but LAN up" issue.

Hope this helps.

Thank you Jack, I would like to know how I could do the per-packet load-sharing.

Meanwhile, the problem is that the VPN is connected to the first FastEthernet 0/0 and has a public IP address in the same subnet as the ADSL. The ADSL is connected to the second FastEthernet 0/1 of the router, so how can I do a static route in this case? There will be a duplication issue.

The other FR link is on a serial interface and has a private IP address.

Cheers

Salah.

You're welcome. Could you please clarify the network design as below?

LAN <--> VPN GW <--> 1841 <--ADSL/FR--> Remote router <--> Remote VPN GW <--> Remote LAN

Do you mean you have no IP at the ADSL? Or is the IP of FE0/0 unnumbered w/ FE0/1?

I would suggest using the static routes below for load-sharing.

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

and remove the "ip route-cache" at the ADSL and serial interfaces, i.e. "no ip route-cache".

Check below for info.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094820.shtml

Or, if the router can support CEF, you can use "ip load-sharing per-packet". Check below for details and try the configuration to determine which one works for you.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6ca.html#1000978

However, I am still concerned about the performance of the two links, which may create a problem if load-sharing between them. Better to test and select the best solution.

Hope this helps.
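The two concerns raised in the replies above (per-destination traffic staying on one link, and per-packet sharing changing packet order inside the tunnel) can be reproduced with a small simulation. This is an added example, not code from any poster; the ADSL rate, both latencies, packet size, addresses and the CRC32 hash are assumptions chosen for illustration.

```python
import zlib
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    rate_bps: int         # serialization rate (constructed value)
    latency_s: float      # one-way delay (constructed value)
    free_at: float = 0.0  # time the link finishes its queued packets

def make_links():
    # ADSL upstream rate and both latencies are assumptions, not from the thread.
    return [Link("ADSL", 512_000, 0.030), Link("FR", 1_000_000, 0.010)]

# One tunnel means one outer source/destination pair (documentation addresses).
TUNNEL = ("192.0.2.10", "198.51.100.10")

def pick_link(mode, seq, flow, links):
    if mode == "per-packet":
        return links[seq % len(links)]            # round robin over both paths
    # per-destination: a hash of the address pair pins the flow to one path
    # (CRC32 stands in for the router's own hash)
    return links[zlib.crc32("|".join(flow).encode()) % len(links)]

def simulate(mode, links, n_packets=200, size_bytes=1400, gap_s=0.010):
    """Send one tunnel's packets; return (arrival order, packets per link)."""
    arrivals, per_link = [], {l.name: 0 for l in links}
    for seq in range(n_packets):
        link = pick_link(mode, seq, TUNNEL, links)
        start = max(seq * gap_s, link.free_at)     # wait behind queued packets
        link.free_at = start + size_bytes * 8 / link.rate_bps
        arrivals.append((link.free_at + link.latency_s, seq))
        per_link[link.name] += 1
    return [seq for _, seq in sorted(arrivals)], per_link

def out_of_order(order):
    """Count packets that arrive after a higher sequence number."""
    highest, late = -1, 0
    for seq in order:
        if seq < highest:
            late += 1
        highest = max(highest, seq)
    return late

if __name__ == "__main__":
    for mode in ("per-destination", "per-packet"):
        order, per_link = simulate(mode, make_links())
        print(mode, per_link, "out of order:", out_of_order(order))
```

With a single tunnel, per-destination mode puts every packet on one link and keeps them in order, while per-packet mode splits the load evenly but delivers packets from the slower path behind later ones from the faster path.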

The VPN is connected to the first router Ethernet interface, which has a public IP address.

How could I connect the ADSL to the second router Ethernet interface, which has a public IP as well, in the same subnet as the first Ethernet interface?

In a router, you cannot configure the same subnet on more than one interface. Unless you are using unnumbering, then it uses the unnumbered interface address.

Could you please provide a diagram that shows how the devices are connected to each other? I still do not understand why you need to use the same subnet for two interfaces. Thx.

Note: It is one ISP and one subnet for both connections (ADSL & FR).

ADSL has an Ethernet connection with a public IP; FR has a serial connection with a private IP.

Thanks for the diagram. It is much clearer. Could you answer the questions below?

1) Can the RHS VPN connect to the Internet directly, i.e. w/o requiring a connection to a router?

2) I believe the ADSL is using a public IP from the ISP, and the router at the LHS uses the public IP which is provided by the ISP (FR or ADSL), or do you own it?

3) Are the ADSL & FR from the same ISP?

4) How does the FR connect to the Internet? Or is it a private link? A private address should not be able to be used on the Internet. Or where is the NAT carried out?

Waiting for your feedback. :)

My answers are below:

1) Can the RHS VPN connect to the Internet directly? No, it is connected to a router and FW.

2) I believe the ADSL is using a public IP from the ISP, and the router at the LHS uses the public IP which is provided by the ISP (FR or ADSL), or do you own it? We own the router, a Cisco 1841.

3) Are the ADSL & FR from the same ISP? Yes, same ISP.

4) How does the FR connect to the Internet? Or is it a private link? A private address should not be able to be used on the Internet. Or where is the NAT carried out?

It is private on the serial interface, but the internet traffic will be carried by a public IP address which is in the same subnet as the ADSL.

Thanks for your help.

For Q2, I mean the IP address. But it is OK because you are using the same ISP for the two links.

I still do not understand Q4: if your FR link is also connecting to the Internet, you have to use a public IP or the ISP carries out the NAT for this link. Please clarify.

If the two WAN connections are provided by the same ISP, then there should be no issue advertising the same public address to the Internet.

I believe the IP at the private side of the VPN should be private, and it uses a public IP at the connection to the router. Right?

Then the VPN connection to the router is also using the public IP, so you can simply enable two static routes at the router, as I mentioned before, to point to the interface as next-hop.

If there is traffic from the VPN GW to the router, the router will load-share using the two equal-cost static routes. At the RHS, there is no issue that the VPN is connecting to a FW and router and then the Internet. The two VPNs should be able to build the tunnel.

Could you please provide the 1841 config so I can understand the current design better?

Hope this helps.

I agree with you on using two static routes, but my question is: what IP address will be assigned to the router Ethernet interface connected to the ADSL modem? Bear in mind that we are using the 2nd Ethernet for the VPN and it has the same subnet as the ADSL public IP address!

As I mentioned before, you can use the interface name as the next-hop in a static route.

e.g.

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

But what IP address will be assigned to the Fast 0/0 interface belonging to the ADSL? Also, the VPN is connected to the second Fast 0/1, which has a public IP address!

So you have two devices having a public IP address, which couldn't be:

Int fas 0/0

Desc TO VPN

IP address 213.42.180.68

Int fas 0/1

Desc " To ADSL "

IP address ??????????????? (What is the IP address here???)

!

ip route 0.0.0.0 0.0.0.0 213.42.180.66 (ADSL)

ip route 0.0.0.0 0.0.0.0

Please correct me if I understood incorrectly.

I believe the PTT should provide two sets of public IPs to you: one for FE 0/0 (VPN connection) and one for the ADSL connection.

If there is only one IP, you can try to use IP unnumbering at FE 0/1 as below:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8d.shtml

int fast 0/1

ip unnumbered fast 0/0

ip route 0.0.0.0 0.0.0.0 fast 0/1

ip route 0.0.0.0 0.0.0.0

Please try it and advise on the result.

Hope this helps.

I cannot add ip unnumbered on FastEthernet; it gives me this error:

Point-to-point (non-multi-access) interfaces only