PIX IpSec VPN with "ip load-sharing per-packet" NxT1

dmooreami
Level 3

Looking to add another T1 to an existing 2600XM router. We use IPSEC tunnels over the internet to connect offices.

Will using "ip load-sharing per-packet" interfere with the IPSEC Site-to-Site tunnel between my Pix 506e and other Pix's?

Is there something here on the Cisco site that states not to use "ip load-sharing per-packet" with IPSEC Tunnels?

thanks

2 Replies

I think that you will have no problem with that, since the split IPsec sessions will be reassembled before reaching the PIX through the router LAN interface.

I'm not sure if an unordered flow of packets could originate some kind of problem, such as errors or even performance issues.

Try using "per-session" to mitigate the impacts to the production environment.

TAC informed me that I can't use T1 load sharing.

"Even if you're doing the load balancing on the routers and the IPsec endpoint is not the router itself, you'll have out-of-order packets due to the nature of load-sharing so the anti-replay feature will bring the tunnel down."

So the solution is to go Multilink (mlpp).
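
The anti-replay check mentioned in the TAC quote, as an added example that is not part of the thread or Cisco's code: a receiver-side ESP sequence-number window in the style of RFC 4303, fed a constructed arrival order that models per-packet sharing over two links of unequal delay. The window size of 64, the `lag` parameter and the two-link model are assumptions made for illustration.

```python
# Added illustration, not code from the thread.
WINDOW = 64  # assumption: RFC 4303 default anti-replay window size

class AntiReplay:
    """Receiver-side ESP sequence-number check (sliding-window bitmap)."""
    def __init__(self, window=WINDOW):
        self.window = window
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (top - i) already accepted

    def accept(self, seq):
        if seq == 0:
            return False                  # ESP sequence numbers start at 1
        if seq > self.top:                # new highest: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.window:
            return False                  # arrived too late: left of the window
        if self.bitmap & (1 << offset):
            return False                  # duplicate sequence number (replay)
        self.bitmap |= 1 << offset
        return True

def arrival_order(n, lag):
    """Constructed model of per-packet sharing over two links: packets 1..n
    alternate links, and the link carrying even numbers is `lag` slots slower."""
    events = [(seq + (lag if seq % 2 == 0 else 0), seq) for seq in range(1, n + 1)]
    return [seq for _, seq in sorted(events)]

def dropped(n, lag):
    """Count packets the anti-replay check rejects for a given link skew."""
    rx = AntiReplay()
    return sum(1 for seq in arrival_order(n, lag) if not rx.accept(seq))

if __name__ == "__main__":
    for lag in (10, 200):
        print(f"lag={lag:3d} slots -> {dropped(1000, lag)} of 1000 packets dropped")
```

Packets that arrive out of order but still inside the window are accepted; only those that fall more than a window behind the highest sequence number seen are discarded.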
