RV082 VPN Load Balance

bhogue · ‎05-15-2014

I've got a remote site with two separate 5 Mbps MAN connections. I'm only using one of the connections and the other is a manual "swap the cable" backup. I need a VPN between sites. Could I setup two RV082 devices with a VPN on each WAN port and use load balancing as well?

chrebert · ‎05-16-2014

Hello,

I believe what you are describing is possible. The RV082 does support a backup remote and local WAN/IP for a site-to-site tunnel, the option is mentioned on page 137 of the Administration Guide. As for the load balancing that would depend. I don't think you could have two tunnels carrying the same traffic at the same time, because I don't think there is a load balancing method built in for that sort of setup on the RV082. However you could sort of manually load balance the VPN tunnels by sending different VLANs over different WAN ports. You can load balance normal internet traffic between two WANs, so they could both be active at once, the protocol binding options just don't apply for VPN traffic, since it has it's own failover mechanisms.

You would have a better backup then a "swap the cable" manual option, since the tunnel would just failover between the four WANs as needed when DPD detected a failure, it just wouldn't use them all at the same time for the same traffic without same manual tweaking.

Hope that all makes sense,

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

*please rate helpful posts*

bhogue · ‎05-16-2014

Hi Christopher

Thanks for the quick reply. From what I've read in the manual and this forum, if I do protocol binding and one WAN link fails, I'll have to manually move the traffic to the working link. I'm trying to get as automatic as possible for really cheap :) I was also considering using two RV180 routers for the site to site VPNs and an RV042 for load balancing. As long as I can disable NAT, firewall, etc I should be okay. I think I'll just get one and experiment with it.

SamirD · ‎05-22-2014

It is not possible to have more than one tunnel between two endpoints because the subnets on each side have to be different. I've run into this on the rv016 when I wanted to have some sort of load-balancing across the vpn.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

chrebert · ‎05-19-2014

Hello,

I went ahead and set one of these up to test just to make sure.

I had a dual-WAN setup with HTTP bound to WAN1. When I unplugged WAN1 the HTTP switched over to WAN2 as soon as the link failure was detected. So you can protocol bind and still have it fail-over when the WAN it is bound to fails.

Hope that helps,

Christopher Ebert

SamirD · ‎05-22-2014

But while this works for protocol binding it will NOT work for VPN. Why? Because the VPN profiles won't match when the WAN changes. In other words, the router on the other side will see the traffic coming from a different WAN, so it will reject it.

You would have to modify the tunnel with the updated WAN information each time for it to start working again.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

chrebert · ‎05-23-2014

Samir,

With these devices it does work for VPN, they have a backup endpoint option. You are correct that without a backup option builtin like this it would not work, but with the backup endpoint option on these routers it should work just fine, they just won't both be up at the same time.

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

*please rate helpful posts*