cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
348
Views
0
Helpful
1
Replies

Multiple WAN Interfaces for site-to-site VPN

Dimitris Mingos
Level 1
Level 1

Hello,

I have the following scenario. I have 2821 router at headquarters with 3 DSL WICs and Static IP's.

There are 14 remote sites. All sites are equipped with 876 ADSL Routers and Static IP.

I also have an application server at headquarters.

Is it possible to split my VPN's in two groups each containing seven sites, one for the first DSL line and the second for the second DSL line.

I am planning to use the third DSL line for internet surfing.

Is this a working scenario?

I will appreciate any assistance.

Thank you.

1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Dimitris,

Yes it's FEASIBLE, multiple possibilities exist to solve this, the easiest way is probably to put the DSL you need for VPN termination in separate (front) VRFs and decapsulate into global VRF (in case of logical interfaces, this will not work with crypto maps).

Since remote sites are also routers you can check either DM-style config or DVTI-SVTI scenario. Or if you're out of ideas, use crypto maps (with known restrictions).

Have a look at the cheat sheet, there are some restrictions listed there:

https://supportforums.cisco.com/docs/DOC-13524

Logical interfaces with tunnel protection is the way to go.

M.