Hi There,

I'm trying to setup a 2nd ADSL connection on a Cisco 887 due to some speed/bandwidth issues.

The router currently already has a working ADSL2+ connection using the build in DSL modem.

What I'm trying to achieve is setup the router so all the Internet traffic from the main site uses Internet1 and all the VPN traffic to a branch uses Internet2.

I haven't looked yet at load balancing and there's no immediate need for it.

Internet1 is already setup and working using the built in DSL modem of the 887 router.

Now I have an external modem/router which I've setup in bridge mode, and connected to the Fastethernet 3 interface of the 887.

I've setup a second dialer (Dialer2) for the new Internet connection, I've then assigned it to interface Fastethernet 3 and enable pppoe.

Then I was thinking to use the following ip routes to split the Internet and VPN traffic, would that work? maybe there's a better way?:

ip route 192.168.10.0 255.255.255.0 Dialer2

ip route 0.0.0.0 0.0.0.0 Dialer1

At the moment dialer2 does not seem to dial when I do a "show ip int brief", Dialer2 does not get assigned a public IP address as it should, dialer 1 is OK.

Also do I need to use NAT on dialer2 if it's only being used for the VPN connection?

I found a few configuration for DSL load balancing but all of them are for a Cisco 881, is there something different with the 887 (with built in dsl modem?).

Here are the most relevant parts of the config:

controller VDSL 0

!

crypto isakmp policy 1

authentication pre-share

crypto isakmp key secretpassword address 111.111.111.111

!

crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac

mode tunnel

!

crypto map Sydney-VPN 10 ipsec-isakmp

set peer 111.111.111.111

set transform-set 3DES-SHA

match address Sydney-Crypto-list

!

!

interface Ethernet0

no ip address

shutdown

!

interface ATM0

description ### DSL 1 ###

no ip address

no atm ilmi-keepalive

pvc 8/35

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

description ### DSL 2 ###

no ip address

pppoe-client dial-pool-number 2

no cdp enable

!

interface Vlan1

description ### Customer LAN ###

ip address 192.168.16.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Dialer1

description ### WAN1 ###

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

ppp chap hostname user1@dsl.net

ppp chap password 7 0000000000000

!

interface Dialer2

description ### WAN2 ###

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 2

dialer idle-timeout 0

dialer persistent

dialer-group 2

ppp chap hostname user2@dsl.net

ppp chap password 7 000000000000

crypto map Sydney-VPN

!

ip nat inside source route-map Route1 interface Dialer1 overload

ip nat inside source route-map Route2 interface Dialer2 overload

ip route 192.168.21.0 255.255.255.0 Dialer2

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip access-list extended Sydney-Crypto-list

permit ip 192.168.16.0 0.0.0.255 192.168.21.0 0.0.0.255

!

route-map Route1 permit 10

match ip address 101

set interface Dialer1

!

route-map Route2 permit 20

match ip address 103

set interface Dialer2

!

access-list 101 deny   ip 192.168.16.0 0.0.0.255 192.168.21.0 0.0.0.255

access-list 101 permit ip 192.168.16.0 0.0.0.255 any

access-list 102 permit tcp any any eq 22

access-list 102 permit tcp any any established

access-list 103 deny   ip 192.168.16.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 103 permit ip 192.168.16.0 0.0.0.255 any

!

!

Thanks,

Florian