Is it possible to have a CSS11000 in a local site perform load balancing and fail over to two different destinations on the internet that require a VPN connection. The VPN will be a router to router VPN using 7206s.
CSS is designed to handle TCP- and UDP based traffic, not IPSec. When handling IPSec traffic Content Switching Module (CSM) inside Catalyst 6500 series is recommended for that purpose.
Correct me if I'm wrong, but if the VPN tunnel is built between the two 7206s, the IPSEC traffic should not even touch the CSS boxes. They should be oblivious to the fact that there is any IPSEC activity between point A and point B.
Correct. In that case CSS would only see clear text traffic and do load balancing and provide redundancy between different VPN boxes initiating VPN tunnels to Internet. You just have to make certain all packets belonging to the same sesssion get forwarded to same destination, for example sticky based on source IP etc...
You can create a service in CSS11000 and apply both of your connections into it. You can use then as a load balancing (with failover), or using them as a single connection (with failover).
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
