How to configure a tunnel having two serial interfaces with one IP each?

sguerrero
Level 1

I had a tunnel in a peer-to-peer using a 2 MB internet access. Now I need to increase to 4MB, but my service provider offers me two coax, so I will use two different serials with different IPs each, also, I will have two default gateways. I just tried to bring up my tunnel and instead of using my peer address as the serial I had before, I added a loopback and pointed my remote site to peer with loopback instead, but I was not able to bring tunnel up. I think it is because I have two different gateways, I don't know what else to configure then or if this config is possible.

Any suggestion?

Thanks,

2 Replies

Richard Burts
Hall of Fame

When you changed the configuration and set up a loopback interface you changed the remote to peer with the loopback, but did you change the crypto map on this router and specify the loopback as the source of IPSec peering? By default IPSec will use the IP address of the outbound interface as the IPSec peer address. So you need the command:

crypto map local-address

to get it to source its IPSec from the loopback.

If your router is going to have 2 serial interfaces (each with a separate IP address), and if the serials originate on the same router and terminate on the same router, then I am not sure that they will be effective in increasing the throughput of the VPN. If the router does destination based load sharing then all the packets to the VPN peer should be on one of the interfaces. If you try to configure the router to do packet by packet load sharing, then you increase the possibility of out of order packets. And out of order packets are especially bad in IPSec because IPSec will detect out of order and discard the out of order packet and believe that there is some attack that is disrupting the IPSec packets.

If the two serials are running PPP encapsulation and could be configured with PPP multilink then you would get the benefit of the added serial link.

HTH

Rick
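
The out-of-order concern raised in the reply above comes from the ESP anti-replay check on the receiving peer. The following is an added example, not part of the original thread: a sliding-window check in the style of RFC 4303 fed by packets alternated over two links. The 64-packet window and the link delays (measured in packet send intervals) are constructed assumptions.

```python
"""Added example: ESP anti-replay window vs. per-packet load sharing."""


class ReplayWindow:
    """Receiver-side sliding window in the style of RFC 4303."""

    def __init__(self, size=64):          # window size is an assumption
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (top - i) already seen

    def accept(self, seq):
        if seq > self.top:
            # New right edge: slide the window and mark the new top as seen.
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                   # arrived behind the window: dropped
        if self.bitmap & (1 << offset):
            return False                   # duplicate (replay): dropped
        self.bitmap |= 1 << offset         # late but inside the window: accepted
        return True


def simulate(packets, delay_a, delay_b, window=64):
    """Alternate sequence numbers 1..packets over link A (odd) and link B (even).

    Packet n is sent at time n and arrives at n + delay of its link.
    Returns (accepted, dropped) as counted by the receiver's replay window.
    """
    arrivals = []
    for seq in range(1, packets + 1):
        delay = delay_a if seq % 2 else delay_b
        arrivals.append((seq + delay, seq))
    arrivals.sort()                        # receiver sees packets in arrival order
    rx = ReplayWindow(window)
    accepted = sum(rx.accept(seq) for _, seq in arrivals)
    return accepted, packets - accepted


if __name__ == "__main__":
    # Constructed scenarios: equal links, mild skew, skew larger than the window.
    for skew in (0, 10, 100):
        print(f"link B slower by {skew:3d} packets ->", simulate(1000, 0, skew))
```

Drops begin once the delay difference between the two links, counted in packets, reaches the window size.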

Thanks for your tip. Actually yes, I changed the remote peer to point to my loopback as destination and changed the crypto maps. What I didn't use was the ppp multilink, I will try and will let you know.

Thank you very much.