11-22-2010 02:44 AM - edited 03-04-2019 10:32 AM
Hi,
We have two sites in our company (main and branch offices). Both sites have two ADSL connections to internet. Both sites have a Cisco 2911 router with two HWIC interfaces each. I would like to know if the following scenario is possible.
We would like to create two site to site VPNs that will connect our two sites. We want the first VPN to be used for RDP traffic (we would like RDP traffic to pass through first VPN). We want the second VPN to be used for file copying between the two sites (we would like file copying traffic to pass through the second VPN).
How can we achieve this goal?
Thanks in advance.
11-22-2010 03:09 AM
You could use the policy based routing and protocol map for directing the rdp via "vpn1" and other traffic via "vpn2"
11-22-2010 03:22 AM
Thanks for your reply,
In policy based routing we must define match and set clause.
What we must put on set clause?
Thanks again.
11-22-2010 04:54 AM
This could be a bit complex ... over the internet the VPN peers would be reachable via both the links, so you cannot guarantee which VPN uses which ADSL connection.
What you could do is add a static entry on the routers for the other side VPN to egress out the required ADSL connection.
On the inside interface, do PBR and set the other side interface IP address based on your matching criteria. The router would do a reverse lookup and use the above static entry and associated ADSL connection to exit out.
HTH
Narayan
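The PBR shape Narayan describes, written out as an added example for the site0 router (it is not configuration from the thread or from Cisco). The inside interface name, the Dialer numbering and the site1 public peer addresses are assumptions; RFC 5737 documentation addresses stand in for the real peers. The match clause selects RDP (TCP/3389) from 192.168.1.0/24 to 192.168.4.0/24, and the set clause pushes it out the dialer that carries the RDP tunnel's crypto map:

```cisco
! Added example, not from the thread. Placeholders:
!   site1 peer for the RDP tunnel      : 203.0.113.10 (must egress Dialer0)
!   site1 peer for the file-copy tunnel: 203.0.113.20 (must egress Dialer1)
! Inside LAN interface assumed to be GigabitEthernet0/0 on the site0 2911.

! 1. Pin each far-side VPN peer to one ADSL link, so ISAKMP/ESP for that
!    tunnel cannot drift to the other dialer while both links are up.
ip route 203.0.113.10 255.255.255.255 Dialer0
ip route 203.0.113.20 255.255.255.255 Dialer1

! 2. Match clause: RDP from the site0 LAN to the site1 LAN only.
ip access-list extended PBR-RDP
 permit tcp 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 eq 3389

! 3. Set clause: force matching packets out Dialer0. Dialer interfaces are
!    point-to-point, so "set interface" is enough. Packets that do not match
!    the route-map are routed by the normal routing table.
route-map PBR-INSIDE permit 10
 match ip address PBR-RDP
 set interface Dialer0

! 4. PBR is applied on ingress, i.e. on the inside interface.
interface GigabitEthernet0/0
 ip policy route-map PBR-INSIDE
```

Narayan's wording of setting the far-side address corresponds to `set ip next-hop recursive 203.0.113.10` (IOS resolves the peer through the static route above); on a point-to-point dialer `set interface Dialer0` has the same effect. Check with `show route-map PBR-INSIDE` that the policy-routing match counter rises for RDP flows, and with `show crypto ipsec sa` that the encaps counter on the SA to 203.0.113.10 rises with it. One caveat: PBR only chooses the exit interface; whether the packet is encrypted is decided by that interface's crypto ACL, so anything PBR sends out Dialer0 that the crypto ACL there does not cover leaves in the clear (or NATed). Keep the PBR ACL no wider than the crypto ACL on the chosen dialer.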
11-29-2010 04:33 AM
Hi, I am trying to create the two VPNs I was talking about in the beginning of the post.
The first VPN is created and is up. I have created the second VPN using Cisco Configuration Professional. When I am trying to test it through CP I get the following message:
The peer must be routed through the crypto map interface. The following peer(s) are routed through non-crypto map interface: 1) "public IP address of the other side router".
What do I have to do? Is it possible to have two VPNs with the same source and destination network using different HWIC Interfaces (VPN0 must use the Dialer0 and VPN1 must use Dialer1)? The network ID of site0 is 192.168.1.0 and the network ID of site1 is 192.168.4.0.
Thanks
11-29-2010 04:40 AM
11-29-2010 05:25 AM
Hi Mohamed
You are saying that it is not possible to have two active VPNs from a source network to a destination network through a Cisco router.
Consequently, you are saying that it is not possible to have RDP using the first VPN and file copying using the second VPN?
Is that right?
Thanks.
11-29-2010 06:31 AM
Yes, that's right, you can't forward traffic using the secondary as long as the primary link is active. The secondary IPsec tunnel would be a backup for the primary one and traffic can be forwarded once the primary link fails.
Note:
We are talking about 2 IPsec tunnels using the same source to the same destination Networks.
HTH
Mohamed
11-29-2010 06:49 AM
Yes, we are talking about 2 IPsec tunnels using the same source to the same destination Networks.
Is there a workaround to achieve this?
Thanks,
11-29-2010 07:05 AM
The only workaround I can think of is to split your inside network, for example if you have a network 192.168.1.0/24, try to have this network split into 192.168.1.0/25 and 192.168.1.128/25.
Then configure two IPsec tunnels, one having a source network of 192.168.1.0/25 accessing a destination network of whatever, and a second one with a source network of 192.168.1.128/25 accessing the same destination network.
With the above, both IPsec tunnels will be active and forwarding at the same time.
Let me know if you have any other inquiries,
HTH
Mohamed
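The split-subnet workaround from the reply above, written out as an added example for the site0 router (not configuration from the thread or from Cisco). The peer addresses are RFC 5737 placeholders, the pre-shared key is a placeholder, and the inside interface name and the ISAKMP/IPsec parameters are assumptions. It goes slightly beyond the reply by adding the per-peer static routes and the inside-interface PBR that keep each LAN half on the dialer whose crypto map covers it, which is what makes the two non-overlapping crypto ACLs forward at the same time. Applied to the original question, the RDP hosts would live in 192.168.1.0/25 and the file-copy hosts in 192.168.1.128/25:

```cisco
! Added example, not from the thread. Site0 2911. Placeholders:
!   site1 peer on its ADSL link 0: 203.0.113.10   site1 peer on ADSL link 1: 203.0.113.20
!   pre-shared key PLACEHOLDER-PSK (replace), inside interface GigabitEthernet0/0

! IKE phase 1 (assumed parameters; configure the same on the site1 router)
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-PSK address 203.0.113.10
crypto isakmp key PLACEHOLDER-PSK address 203.0.113.20

! IPsec transform set shared by both tunnels
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac

! The workaround itself: two crypto ACLs that do NOT overlap. 192.168.1.0/24
! is split into two /25 halves (wildcard 0.0.0.127); each half is the source
! of exactly one tunnel towards the whole 192.168.4.0/24 at site1.
ip access-list extended VPN0-INTERESTING
 permit ip 192.168.1.0 0.0.0.127 192.168.4.0 0.0.0.255
ip access-list extended VPN1-INTERESTING
 permit ip 192.168.1.128 0.0.0.127 192.168.4.0 0.0.0.255

! One crypto map per dialer, each with its own peer and its own half
crypto map CM-VPN0 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES256-SHA
 match address VPN0-INTERESTING
crypto map CM-VPN1 10 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-AES256-SHA
 match address VPN1-INTERESTING

interface Dialer0
 crypto map CM-VPN0
interface Dialer1
 crypto map CM-VPN1

! Pin each peer to its own ADSL link (ISAKMP and ESP for that tunnel)
ip route 203.0.113.10 255.255.255.255 Dialer0
ip route 203.0.113.20 255.255.255.255 Dialer1

! Keep each LAN half on the dialer whose crypto map covers it. A packet routed
! out the other dialer misses that dialer's crypto ACL and would leave
! unencrypted (or NATed) instead of tunnelled.
route-map PBR-SPLIT permit 10
 match ip address VPN0-INTERESTING
 set interface Dialer0
route-map PBR-SPLIT permit 20
 match ip address VPN1-INTERESTING
 set interface Dialer1
interface GigabitEthernet0/0
 ip policy route-map PBR-SPLIT
```

The site1 router needs the mirror image: the same two peers, crypto ACLs with source and destination swapped, and its own static routes towards 192.0.2.x-style placeholders for the site0 dialers. Confirm that both tunnels really forward concurrently with `show crypto ipsec sa`: each SA should show its own `#pkts encaps` counter rising while the other is also up, which is exactly what the identical-ACL setup earlier in the thread cannot show. If the dialers also do NAT overload for internet access, deny the tunnelled subnet pairs in the NAT ACL, otherwise the source addresses are translated before the crypto ACL is evaluated and the traffic never matches the tunnel.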