NAT Load-Balancing and ipsec tunnel

mathieu.ploton
Level 1

Hi,

In one of our remote locations, we have a DSL connection that is not really good (slow bandwidth and goes down a few times). We would like to purchase some other DSL lines and find a way to load-balance those lines. This load-balancing will support the IPsec tunnel to our headquarters.

Please consider that we are setting up the IPsec tunnel into a GRE tunnel.

I'm wondering if I can set up the following configuration.

I would like the GRE tunnel to be defined with a fake address as its source, which will be NATed on the outside interface in a load-balanced way to the two or more internet gateways.

Here is the configuration I would like to implement. I just wrote it and did not run it on a device, so there will probably be some syntax errors. Please don't take that into account. I would just like to know if this configuration globally makes sense and will provide us good reliability for our tunnel traffic.

track timer interface 5

track 123 rtr 1 reachability
delay down 15 up 10

track 124 rtr 2 reachability
delay down 15 up 10

crypto isakmp key KEY address Remote_IP


crypto map WAN 1 ipsec-isakmp
description GRE Tunnel
set peer Remote_IP
set transform-set WANSET
set pfs group2
match address 11

interface FastEthernet0/0.1

desc first isp

ip address A
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0/0.2

desc second isp
ip address B
ip nat outside
ip virtual-reassembly


interface FastEthernet1
description LAN Interface
ip address 192.168.254.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!


interface Tunnel1
description GRE tunnel
ip address 192.168.1.1 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1350
keepalive 10 3
tunnel source 1.1.1.1             !! Fake IP that will be nated
tunnel destination Remote_IP
crypto map WAN

router eigrp 100
distribute-list 10 out Tunnel1


ip route 0.0.0.0 0.0.0.0 fa0/0.1 track 123 !Tracking in the ISP 1
ip route 0.0.0.0 0.0.0.0 fa0/0.2 track 124 !Tracking in the ISP 2
!

ip nat inside source route-map nat1 interface FastEthernet0/0.1 ! replace the source interface by the public address of the ISP 1
ip nat inside source route-map nat2 interface FastEthernet0/0.2 ! replace the source interface by the public address of the ISP 2
!
!
ip sla 1
icmp-echo gw_isp1 source-interface Fa0/0.1
timeout 1000
threshold 40
frequency 3
!
ip sla 2
icmp-echo gw_isp2 source-interface Fa0/0.2
timeout 1000
threshold 40
frequency 3
!
!
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
!
!
access-list 11 permit gre host 1.1.1.1 host Remote_IP
!
!
route-map nat1 permit 10
match ip address 11
match interface Fa0/0.1
!
route-map nat2 permit 10
match ip address 11
match interface FastEthernet0/0.2

I'm fully aware that on the other side, I would have to translate again the two public IP addresses that source my tunnel with a NAT one, like on this side.

Is this the way to do it?
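
A cross-reference check for a draft written without a device at hand, as in the post above. This is an added example, not part of the original thread and not a Cisco tool. The sample config is constructed (documentation-range addresses), and the patterns cover only the IOS statement forms it uses. `lint` returns two lists: objects referenced but never defined, and objects defined but never referenced.

```python
import re

# Lines that define an object; group 1 is its number or name.
DEFS = [("sla", r"ip sla (\d+)$"),
        ("acl", r"access-list (\d+) "),
        ("route-map", r"route-map (\S+) (?:permit|deny)"),
        ("transform-set", r"crypto ipsec transform-set (\S+)"),
        ("track", r"track (\d+) ")]
# Lines that refer to an object defined elsewhere in the config.
REFS = [("sla", r"track \d+ (?:rtr|ip sla) (\d+)"),
        ("acl", r"match (?:ip )?address (\d+)"),
        ("acl", r"distribute-list (\d+) "),
        ("route-map", r"ip nat inside source route-map (\S+)"),
        ("transform-set", r"set transform-set (\S+)"),
        ("track", r"ip route .* track (\d+)")]

def scan(patterns, lines):
    # re.match anchors at the start of each (already stripped) line.
    return {(kind, m.group(1)) for line in lines for kind, rx in patterns
            if (m := re.match(rx, line))}

def lint(config):
    # Drop inline "!" comments and indentation before matching.
    lines = [raw.split("!")[0].strip() for raw in config.splitlines()]
    defined, used = scan(DEFS, lines), scan(REFS, lines)
    return sorted(used - defined), sorted(defined - used)

# Constructed sample draft; addresses are documentation ranges.
SAMPLE = """\
track 123 rtr 1 reachability
track 124 rtr 1 reachability
ip sla 1
ip sla 2
crypto map WAN 1 ipsec-isakmp
 set transform-set WANSET
 match address 11
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 track 123
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 track 124
ip nat inside source route-map nat1 interface FastEthernet0/0.1
ip nat inside source route-map nat2 interface FastEthernet0/0.2
access-list 11 permit gre host 1.1.1.1 host 203.0.113.10
route-map nat1 permit 10
 match ip address 11
route-map nat2 permit 10
 match ip address 110
"""

if __name__ == "__main__":
    print("dangling, unused:", lint(SAMPLE))
```

On the sample, the probe `ip sla 2` is reported as unused because both track objects point at probe 1, so a failure of the second link would never withdraw its default route.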

3 Replies

junshah22
Level 1

Hi,

I am also trying to achieve almost the same goal, but in my scenario there is a difference.

I am trying to use 2 Internet connections, as both DSL connections are not so good, but I am not configuring a GRE tunnel; I want my company employees to be connected via Soft VPN Client.

Please advise.

Regards,

Junaid Abbas

Could someone have a look and validate (or not) this configuration?

Best regards,

Hi,

Could someone help me with that?

Thanks!