suitable solution for VPN?

lctiong · ‎01-16-2005

Hi,

I have an office which has a 2821 router and has 2 serial links coming out from that router. Are there anyway to load balance VPN traffic over that 2 links? How can i also load balance normal traffic over the same 2 links?

Anyone has any idea what solution can i use?

please advise,

Thanks.

meng

sachinraja · ‎01-16-2005

hi meng,

The VPN traffic will flow through physical links based on the routing configurations on that router. The physical reachability to the peer IP will decide if the traffic is load balanced or not. This truely depends on the flow of the IP packets.

Now, you have 2 links. you can add static routes on these links for load balancing or run any dynamic routing protocol

ip route 0.0.0.0 0.0.0.0 serial 0

ip route 0.0.0.0 0.0.0.0 serial 1

you can also put specific routes if needed. When this is done, the VPN/normal traffic is load balanced on the two serial links. there are no seperate configurations for load balancing VPN.

hope this helps.

Raj

lctiong · ‎01-17-2005

hi Raj,

Thanks for your advise, but do you mean using dynamic cryto map or building 2 separate VPN tunnels over the 2 physical links and manually defining what traffic should go through which link?

meng

sachinraja · ‎01-17-2005

Hi meng,

doesnt matter if it is dynamic or static. The reachability to the peer IP of the VPN, is through both the links, load balancing, because of the routing configured.

the packets on the router only knows the VPN peer IP reachability and not the data inside it, because it is encrypted, in both the cases.

you need not create 2 tunnels for each link. One tunnel from source to destination is enough and will be load balanced between the links..

Raj

lctiong · ‎01-18-2005

hi,

thanks. will then use dynamic crypto map to map the tunnel from the source then.

sachinraja · ‎01-18-2005

hi meng,

please mark the case as solved, so that it can be helpful to others. rate replies if useful.

Raj