We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Can I use a Cisco VPN Appliance behind a WAN aggregator?

Medium Priority
Last Modified: 2012-05-06
I have a branch office where we are unable to get high bandwidth or reliable lines. We are forced to use DSL or WiMax. Our company model is to use a Cisco VPN device (800 router or ASA 5505) to link the office over a single line. I would like to be able to increase the available bandwidth by aggregating 2 or more lines. The ASA 5505 can do failover use of a second WAN line, but not load balancing.

After speaking with someone from Fatpipe they seemed to be telling me that I could use their Xtreme aggregator with our Cisco VPN appliance seamlessly. Are they telling the truth? I am not a Cisco or VPN expert but how can the aggregator possible drive the VPN over 2 separate lines? Would this not require another of their devices on the other end?

Any advice on whether it is possible to aggregate in FRONT of a VPN Appliance would be helpful. Also confirming that using an aggregator with built in ipSec is the only option would be helpful. The reason for trying to find a seamless solution is that our corporate security setup is not that flexible and the troubles in my region are fairly unique.

Thank You.
Watch Question

If both WAN links have different IP's assigned to them:
- A specific rule would have to be set in the aggregator to make all VPN traffic go out the one link

If both WAN links are from the one ISP and essentially a round-robin set up with 1 WAN IP:
- Using the aggregator would be fine.

Without doing one of the above,

A Cisco GRE/IPSEC VPN requires set endpoints, and if you've got one DSL WAN link with IP x.x.x.x and one WiMAX WAN link with IP y.y.y.y all plugged into an aggregator, the other side of the VPN will see the traffic for one VPN comming from 2 WAN IP's - not good.

I doubt very much that it'll work seemlessly, you MAY be able to get it going with some tweaking, funky ACLs and routing but it'd be too much trouble for what it's worth - and it may be rather unstable.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Thank you for input. I suspect I will have to look at a device that can create it's own VPN tunnel on each WAN link and load balance between the two. I will leave this open for a bit longer to see if anyone else has any thoughts. Thank you!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.