Dear Martin,

Thanks for your response. I have PIX with 7.0.4 version and 2 ISP links.I have VPN connectivity between 2 offices over IPSEC.My US office is stable but India end links fluctuate so in India I have 2 ISP and required to make them redundant. Previously I have one ISP link so it was working fine.

But now with 2-ISP I can't understand the design how to load balace VPN on that.

If you required any other info. plz reight back to me.

Thanks

Gaurav

Hi there,

For this to work, you'll need more equipment in the design (the PIX itself can't have two default gateways):

Option A)

1) Put in another PIX on ISP link #2

2) Enable OSPF routing over the IPsec links

link: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml

3) Let your internal LAN router on the India-side talk OSPF with the PIX'es as well. If you don't have a LAN-router, you'll need another interface on the PIX'es to allow for forwarding the packets to the other PIX. Or juts inside&outside on the extra PIX, while you add another interface on the old one.. or the other way around.. you choose. :)

Option B)

1) Put a router in front of the PIX and let the ISP connections go to this router.

2) Do some bidirectional NAT'ing on the router to let the connections be 'stateful'

link: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Security&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dda293f/3#selected_message

Did it help? If so, please rate it.