Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 1841 load balance VPNs

Can anyone give me some configuration advice on the best protocol/config to use for the following setup?

I've got a remote office running with a private subnet and a Cisco 1841 router that has 2 ADSL cards installed. Both ADSL cards create a dialer interface with a static IP address and the private subnet NATs behind it. Each interface also connects to a seperate PIX firewall on the private subnet at the head office. This forms two basic ipsec VPN tunnels, by assigning a crypto map on each Dialer interface. As a consequence, no VPN interface is created like you do with some VPN protocols (int Tunnel0 etc). Both PIX firewalls sit on the same subnet as a 3750 router, which is the default router for all HO hosts and servers.

As a rough diagram:

Head office __3750----pix2(192.168.12.238)---(web) ---dialer0 1841

192.168.12.0 |-----pix1(192.168.12.253)---(web)---dialer2 192.168.42.3

What I want to do, is load balance the VPN connections, both both directions, so the 1841 will distribute between its two dialer interfaces and the 3750 will distribute traffic between the two pixes. The system needs to know if a line goes down. Currently I am using static routes of equal value, however if one line dies, 50% of traffic is lost.

OSPF sounded like a good idea, however if I login to pix1 and try to ping 192.168.42.3, it tries to send it via the outside interface and the ISP correctly drops the traffic. As such, I can't form a neighbour relationship over the tunnel.

Is there a better protocol to use, or is there a way to configure a router to talk over its own VPN tunnel.

Any advice appreciated.

1 REPLY
Silver

Re: Cisco 1841 load balance VPNs

Load sharing distributes traffic so that no individual router is overburdened. In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, you can achieve load sharing through the following methods:

"BGP Multipath options

"Directly Connected Loopback Peering

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080442572.html

220
Views
0
Helpful
1
Replies