cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
868
Views
0
Helpful
5
Replies

Load-balancing site-to-site VPN

DaveTanKK
Level 1
Level 1

Hi,

I'm trying to connect 2 site with IPSec Site-to-Site VPN using cisco routers. The 2 sites will be connected via 2 provider on 2 separate routers. Load-balancing is one of the requirement.

Can anyone advise me how i can implement this without using GRE over IPSec? Please give me your advise as I relatively new to IPSec.

5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

GRE over IPSec is the most straight forward way of doing it.

But if you have your heart set on not using GRE, then try using Optimised Edge Routing.

http://www.cisco.com/go/oer

Hi, is there a more straight forward alternative?

Can I run dynamic routing (EIGRP) between Router A-D and IPSec between VPN Router 1 & 2. This way I'll be able to get load sharing over the WAN connection and have IPSec protection at the same time right? Will this work?

RouterA---RouterB

VPN | | VPN

site--Router1-- | | --Router2--Site

A RouterC---RouterD B

Hi, is there a more straight forward alternative?

Can I run dynamic routing (EIGRP) between Router A-D and IPSec between VPN Router 1 & 2. This way I'll be able to get load sharing over the WAN connection and have IPSec protection at the same time right? Will this work?

Refer to attached.

If the routers are seperated by an ISP, then no. EIGRP requires directly connected links - hence the reason why GRE over IPSec is the best method to achieve what you need.

roluce
Level 1
Level 1

We're currently doing this using GRE. When we started we were passing IPX, Appletalk, IPv4 uni and multicast. At this moment, we're only doing IPv4 and IPv6 unicast and multicast.

It might not seem the "coolest" way to do it, but it's rock solid reliable. Since Cisco added GRE keepalives and CDP support, I'd be hard pressed to do it any other way.

Rob