Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 661
  • Last Modified:

Can I use a Cisco VPN Appliance behind a WAN aggregator?

I have a branch office where we are unable to get high bandwidth or reliable lines. We are forced to use DSL or WiMax. Our company model is to use a Cisco VPN device (800 router or ASA 5505) to link the office over a single line. I would like to be able to increase the available bandwidth by aggregating 2 or more lines. The ASA 5505 can do failover use of a second WAN line, but not load balancing.

After speaking with someone from Fatpipe they seemed to be telling me that I could use their Xtreme aggregator with our Cisco VPN appliance seamlessly. Are they telling the truth? I am not a Cisco or VPN expert but how can the aggregator possible drive the VPN over 2 separate lines? Would this not require another of their devices on the other end?

Any advice on whether it is possible to aggregate in FRONT of a VPN Appliance would be helpful. Also confirming that using an aggregator with built in ipSec is the only option would be helpful. The reason for trying to find a seamless solution is that our corporate security setup is not that flexible and the troubles in my region are fairly unique.

Thank You.
1 Solution
If both WAN links have different IP's assigned to them:
- A specific rule would have to be set in the aggregator to make all VPN traffic go out the one link

If both WAN links are from the one ISP and essentially a round-robin set up with 1 WAN IP:
- Using the aggregator would be fine.

Without doing one of the above,

A Cisco GRE/IPSEC VPN requires set endpoints, and if you've got one DSL WAN link with IP x.x.x.x and one WiMAX WAN link with IP y.y.y.y all plugged into an aggregator, the other side of the VPN will see the traffic for one VPN comming from 2 WAN IP's - not good.

I doubt very much that it'll work seemlessly, you MAY be able to get it going with some tweaking, funky ACLs and routing but it'd be too much trouble for what it's worth - and it may be rather unstable.
nordicatechnologyAuthor Commented:
Thank you for input. I suspect I will have to look at a device that can create it's own VPN tunnel on each WAN link and load balance between the two. I will leave this open for a bit longer to see if anyone else has any thoughts. Thank you!

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now