Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

Site to Site IPsec Vpn using multiple internet Link

I am planning to deploy IPSec VPN between branch and Center connectivity.

Please refer the attached diagram.

Share internet link will be use to connect Center and multiple site.

Number of sites are 40 and required Bandwidth at Center side is 1.5 Gbps and Branch side it required bandwidth is 30mbps with IPsec vpn.

The shared internet link capacity is 100 mbps around 50mbps is granteed,

So I will use to multiple internet link at center Site and Branch side one internet Link will be used.

Currently we are using Web-VPN device to achieve this requirement.

But there are some draw back with that setup:

  • •1) We need to use Web-Vpn device both side to achieve our requirement of multiple link.
  • •2) Web-VPN is customizing OS system, which sometime create problem.

.

I was checking Cisco ASR1002 to achieve the requirement, but I am not sure whether it will work properly.

Does any one have any information on the same?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Site to Site IPsec Vpn using multiple internet Link

hi,

based on my understanding, by saying multi internet link, means you are going to use more than one ISP for your central office, is this correct?

if the answer is yes. then yes, cisco ASR1002 can do this.

https://docs.google.com/a/scream-productions.com/viewer?a=v&q=cache:qrZufyHjujMJ:www.cisco.com/web/SI/expo2009/assets/docs/Usmerjevalniska_platforma_ASR_1000_Istvan_Kakonyi.pdf+&hl=id&gl=id&pid=bl&srcid=ADGEEShLZuWai_JcrtJTRdMnaAtQ9gbG9LG_vVqSN1IfK0l...

try to check on the positioning part of that docs,

and the technology that make this possible is by implementing route map, and setting the next hop default ip to the isp you want.

you might want to do research further on the device feature and how to configure them:

http://www.cisco.com/en/US/products/ps9343/products_installation_and_configuration_guides_list.html

if you want to be more confident with this, i think its better for you to engage with local cisco team in your city.

regards,

4 REPLIES

Re: Site to Site IPsec Vpn using multiple internet Link

I think if we use multiple internet links on any router having GB port and which support 1.5 GB speed on IPsec VPN…We can make IPsec VPN with individual link.

Does anyone know any model from cisco which has such capacity and having 12GB interface ?

I must say if non-Cisco Vendor can do cisco will, it must have some solution but maybe I am missing.

New Member

Site to Site IPsec Vpn using multiple internet Link

hi,

dont know if this gonna answer your problems,

in the old days, i use separete device for access and for vpn termination. the site to site vpn config works just fine for 40 branch, but after that, the router performace was going down. i used Service Provider class router only for terminating the vpn connection at central office. still, the vpn connection were not stable because the vpn termination was having very high cpu utilization and then reboot itself.

but then we changed to site to site vpn using virtual tunnel interface on the same device, using the same device we were managed to handle 400 site to site connection without any issue.

regards,

Re: Site to Site IPsec Vpn using multiple internet Link

hi,

Thanks for your reply...

In my case there are 2 problems one is multi-internet link at center side for high bandwidth and second Center side device capacity for IPSec VPN.

Currently we are using web-vpn. it is working fine with multi internet link and ipsec vpn too.

But as I mentioned that device has some issue.

So I am looking something similar in Cisco.

There is no problem using different device for VPN and Virtual tunnel but how about multi internet link?

New Member

Re: Site to Site IPsec Vpn using multiple internet Link

hi,

based on my understanding, by saying multi internet link, means you are going to use more than one ISP for your central office, is this correct?

if the answer is yes. then yes, cisco ASR1002 can do this.

https://docs.google.com/a/scream-productions.com/viewer?a=v&q=cache:qrZufyHjujMJ:www.cisco.com/web/SI/expo2009/assets/docs/Usmerjevalniska_platforma_ASR_1000_Istvan_Kakonyi.pdf+&hl=id&gl=id&pid=bl&srcid=ADGEEShLZuWai_JcrtJTRdMnaAtQ9gbG9LG_vVqSN1IfK0l...

try to check on the positioning part of that docs,

and the technology that make this possible is by implementing route map, and setting the next hop default ip to the isp you want.

you might want to do research further on the device feature and how to configure them:

http://www.cisco.com/en/US/products/ps9343/products_installation_and_configuration_guides_list.html

if you want to be more confident with this, i think its better for you to engage with local cisco team in your city.

regards,

998
Views
0
Helpful
4
Replies
CreatePlease to create content