cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

899
Views
0
Helpful
6
Replies
Beginner

VPN spanned over two WAN connections on Cisco ASA?

Hello,

I have a quick question for you guys, as I'm not too sure if you can do this.

Basically, we are connecting two offices together and need higher bandwidth between the sites over VPN. The main site has a leased line and the remote site has an SDSL connection with a secondary ADSL line with a different provider, set in failover mode.

There is a Cisco ASA 5520 at main branch and 5510 at remote, with a site-to-site VPN between sites.  Is it possible to use the failover line to increase our bandwidth over the site-to-site VPN? What I mean by this, is create a VPN link combined over the two WANs?

Draytek have a feature on their 2930 series that allows you to do this called VPN Trunk/Bonding. I was wondering if this is possible on the Cisco ASA? If not, is there anyway I could achive this with any additional hardware? I don't want to use the Draytek for the mainsite, obviously because the load would probably kill it but I'm not against using this at the remote site infront of the ASA.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

VPN spanned over two WAN connections on Cisco ASA?

There's no ASA feature that does what you're asking, AFAIK.

Depending on your traffic profile, you might be able to hack a solution by creating two site-site VPNs (one via SDSL and the oher via the ADSL) and applying the cryptomap for some traffic to the one and the rest of the traffic to the other one.

View solution in original post

6 REPLIES 6
Hall of Fame Master

VPN spanned over two WAN connections on Cisco ASA?

There's no ASA feature that does what you're asking, AFAIK.

Depending on your traffic profile, you might be able to hack a solution by creating two site-site VPNs (one via SDSL and the oher via the ADSL) and applying the cryptomap for some traffic to the one and the rest of the traffic to the other one.

View solution in original post

Highlighted
Beginner

VPN spanned over two WAN connections on Cisco ASA?

Thats what I thought, the only way I can see it working is if I got the draytek to create the tunnels and then have the ASA sit behind it as a firewall. Not sure if the Draytek requires another Draytek on the other site though.

Thanks for confirming this. Shame the ASA's don't support a little more really, one of the other things I miss for a smaller office is the DNS proxy/cache which can be found on IOS devices.

Beginner

Hi Marvin,

Hi Marvin,

Is it possible to use ECMP for this?

Regards

Vaibhav

Hall of Fame Master

Nice thought but ECMP is not

Nice thought but ECMP is not spported across multiple interfaces.

Source:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html

Beginner

Hi Marvin,

Hi Marvin,

I just read somewhere 

Starting with Asa 9.3.2 Asa supports 8 ecmp routes over multiple interfaces using zones

Hall of Fame Master

Good catch - you might be

Good catch - you might be able to get that to work.

Let us know how it works out if you get an opportunity to try it.