Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2881
Views
0
Helpful
4
Replies

Site to Site IPsec Vpn using multiple internet Link

Go to solution
kapildev.bhatnagar
Level 1
Level 1

‎06-20-2012 02:37 AM - edited ‎03-04-2019 04:43 PM

I am planning to deploy IPSec VPN between branch and Center connectivity.

Please refer the attached diagram.

Share internet link will be use to connect Center and multiple site.

Number of sites are 40 and required Bandwidth at Center side is 1.5 Gbps and Branch side it required bandwidth is 30mbps with IPsec vpn.

The shared internet link capacity is 100 mbps around 50mbps is granteed,

So I will use to multiple internet link at center Site and Branch side one internet Link will be used.

Currently we are using Web-VPN device to achieve this requirement.

But there are some draw back with that setup:

  • •1) We need to use Web-Vpn device both side to achieve our requirement of multiple link.
  • •2) Web-VPN is customizing OS system, which sometime create problem.

.

I was checking Cisco ASR1002 to achieve the requirement, but I am not sure whether it will work properly.

Does any one have any information on the same?

Labels:
Preview file
70 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
handoko wiyanto
Level 3
Level 3
In response to kapildev.bhatnagar

‎06-26-2012 11:00 PM

hi,

based on my understanding, by saying multi internet link, means you are going to use more than one ISP for your central office, is this correct?

if the answer is yes. then yes, cisco ASR1002 can do this.

https://docs.google.com/a/scream-productions.com/viewer?a=v&q=cache:qrZufyHjujMJ:www.cisco.com/web/SI/expo2009/assets/docs/Usmerjevalniska_platforma_ASR_1000_Istvan_Kakonyi.pdf+&hl=id&gl=id&pid=bl&srcid=ADGEEShLZuWai_JcrtJTRdMnaAtQ9gbG9LG_vVqSN1IfK0l...

try to check on the positioning part of that docs,

and the technology that make this possible is by implementing route map, and setting the next hop default ip to the isp you want.

you might want to do research further on the device feature and how to configure them:

http://www.cisco.com/en/US/products/ps9343/products_installation_and_configuration_guides_list.html

if you want to be more confident with this, i think its better for you to engage with local cisco team in your city.

regards,

View solution in original post

0 Helpful
4 Replies 4

Go to solution
kapildev.bhatnagar
Level 1
Level 1

‎06-20-2012 07:46 PM

I think if we use multiple internet links on any router having GB port and which support 1.5 GB speed on IPsec VPN…We can make IPsec VPN with individual link.

Does anyone know any model from cisco which has such capacity and having 12GB interface ?

I must say if non-Cisco Vendor can do cisco will, it must have some solution but maybe I am missing.

0 Helpful

Go to solution
handoko wiyanto
Level 3
Level 3
In response to kapildev.bhatnagar

‎06-21-2012 01:02 AM

hi,

dont know if this gonna answer your problems,

in the old days, i use separete device for access and for vpn termination. the site to site vpn config works just fine for 40 branch, but after that, the router performace was going down. i used Service Provider class router only for terminating the vpn connection at central office. still, the vpn connection were not stable because the vpn termination was having very high cpu utilization and then reboot itself.

but then we changed to site to site vpn using virtual tunnel interface on the same device, using the same device we were managed to handle 400 site to site connection without any issue.

regards,

0 Helpful

Go to solution
kapildev.bhatnagar
Level 1
Level 1
In response to handoko wiyanto

‎06-26-2012 06:05 PM

hi,

Thanks for your reply...

In my case there are 2 problems one is multi-internet link at center side for high bandwidth and second Center side device capacity for IPSec VPN.

Currently we are using web-vpn. it is working fine with multi internet link and ipsec vpn too.

But as I mentioned that device has some issue.

So I am looking something similar in Cisco.

There is no problem using different device for VPN and Virtual tunnel but how about multi internet link?

0 Helpful

Go to solution
handoko wiyanto
Level 3
Level 3
In response to kapildev.bhatnagar

‎06-26-2012 11:00 PM

hi,

based on my understanding, by saying multi internet link, means you are going to use more than one ISP for your central office, is this correct?

if the answer is yes. then yes, cisco ASR1002 can do this.

https://docs.google.com/a/scream-productions.com/viewer?a=v&q=cache:qrZufyHjujMJ:www.cisco.com/web/SI/expo2009/assets/docs/Usmerjevalniska_platforma_ASR_1000_Istvan_Kakonyi.pdf+&hl=id&gl=id&pid=bl&srcid=ADGEEShLZuWai_JcrtJTRdMnaAtQ9gbG9LG_vVqSN1IfK0l...

try to check on the positioning part of that docs,

and the technology that make this possible is by implementing route map, and setting the next hop default ip to the isp you want.

you might want to do research further on the device feature and how to configure them:

http://www.cisco.com/en/US/products/ps9343/products_installation_and_configuration_guides_list.html

if you want to be more confident with this, i think its better for you to engage with local cisco team in your city.

regards,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card