Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1684
Views
0
Helpful
6
Replies

VPN spanned over two WAN connections on Cisco ASA?

Go to solution
gareth_r52
Level 1
Level 1

‎02-24-2012 09:32 PM

Hello,

I have a quick question for you guys, as I'm not too sure if you can do this.

Basically, we are connecting two offices together and need higher bandwidth between the sites over VPN. The main site has a leased line and the remote site has an SDSL connection with a secondary ADSL line with a different provider, set in failover mode.

There is a Cisco ASA 5520 at main branch and 5510 at remote, with a site-to-site VPN between sites.  Is it possible to use the failover line to increase our bandwidth over the site-to-site VPN? What I mean by this, is create a VPN link combined over the two WANs?

Draytek have a feature on their 2930 series that allows you to do this called VPN Trunk/Bonding. I was wondering if this is possible on the Cisco ASA? If not, is there anyway I could achive this with any additional hardware? I don't want to use the Draytek for the mainsite, obviously because the load would probably kill it but I'm not against using this at the remote site infront of the ASA.

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-25-2012 08:48 AM

There's no ASA feature that does what you're asking, AFAIK.

Depending on your traffic profile, you might be able to hack a solution by creating two site-site VPNs (one via SDSL and the oher via the ADSL) and applying the cryptomap for some traffic to the one and the rest of the traffic to the other one.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-25-2012 08:48 AM

There's no ASA feature that does what you're asking, AFAIK.

Depending on your traffic profile, you might be able to hack a solution by creating two site-site VPNs (one via SDSL and the oher via the ADSL) and applying the cryptomap for some traffic to the one and the rest of the traffic to the other one.

0 Helpful

Go to solution
gareth_r52
Level 1
Level 1
In response to Marvin Rhoads

‎02-25-2012 07:13 PM

Thats what I thought, the only way I can see it working is if I got the draytek to create the tunnels and then have the ASA sit behind it as a firewall. Not sure if the Draytek requires another Draytek on the other site though.

Thanks for confirming this. Shame the ASA's don't support a little more really, one of the other things I miss for a smaller office is the DNS proxy/cache which can be found on IOS devices.

0 Helpful

Go to solution
vaibhav58
Level 1
Level 1
In response to Marvin Rhoads

‎02-02-2017 11:51 PM

Hi Marvin,

Is it possible to use ECMP for this?

Regards

Vaibhav

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vaibhav58

‎02-03-2017 02:24 AM

Nice thought but ECMP is not spported across multiple interfaces.

Source:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html

0 Helpful

Go to solution
vaibhav58
Level 1
Level 1
In response to Marvin Rhoads

‎02-03-2017 03:48 AM

Hi Marvin,

I just read somewhere 

Starting with Asa 9.3.2 Asa supports 8 ecmp routes over multiple interfaces using zones

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vaibhav58

‎02-03-2017 06:10 AM

Good catch - you might be able to get that to work.

Let us know how it works out if you get an opportunity to try it.

0 Helpful
Customers Also Viewed These Support Documents