WAN Connection using 2 Paths, one for up one for Down?

We have a remote office that is currently connected via Point to Point T1 via T1. So we have the 1.5meg connection.

We'd like to get a DSL/Cable Internet connection for Faster Download access.

We have a PIX that we'd like to add to the Mix. (already have one at HQ)

What would be the best way to do the routing for this? I would want all upload traffic from the remote office to use the T1 to the Office and all traffic from the Office to use the Site to Site VPN on the PIX to the Remote Office.

Any Suggestions?

Scott Townsend

If all the traffic from the remote office is to go to HQ, and all traffic from HQ is to go to the remote office, then where does Internet access fit in? Is it to be handled independently at the two offices, or is one office supposed to forward Internet-bound traffic to the other office for processing? If it is to be forwarded, then you would need PIX 7.x in order to get the forwarding working.

If you intend to split traffic, two unidirectional branches, then you need to recombine the traffic before it enters the PIX, or else the PIX will only see one side of the conversation and will not be able to firewall properly (and so will drop all the TCP conversations.) The recombining is going to require a router of some kind.

Once the router is in place, directing the traffic unidirectionally would be a simple static default route pointing through the desired ISP.

On the other hand, if you want the configurations to notice that one of the paths has gone non-functional (DSL and cable don't have the greatest of reliability), then your configuration gets much more difficult!

Using two unidirectional links is also a waste of bandwidth. What you'd prefer to do is use something like OSPF with Unequal Cost Routes so that the two possible routes are used in proportion to their capacities.

Walter Roberson
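
The point in the reply above, that a PIX which sees only one side of a split conversation will drop the TCP traffic, shown as an added example that is not part of the original thread. It is a simplified model of stateful inspection, not PIX code; the addresses, port numbers, class and function names are all constructed for illustration.

```python
# Toy model of stateful TCP inspection (constructed; not PIX code).
from dataclasses import dataclass

REMOTE, HQ = "10.2.0.10", "10.1.0.5"   # constructed addresses

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str

# Constructed three-way handshake: remote-office client to HQ server.
HANDSHAKE = [
    Segment(REMOTE, HQ, 40000, 445, "SYN"),
    Segment(HQ, REMOTE, 445, 40000, "SYN-ACK"),
    Segment(REMOTE, HQ, 40000, 445, "ACK"),
]

class StatefulFirewall:
    """Permits a segment only if it is an inside-initiated SYN or
    belongs to a connection whose SYN this firewall already saw."""
    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.conns = set()

    def inspect(self, seg):
        # Direction-independent key for the connection.
        key = frozenset([(seg.src, seg.sport), (seg.dst, seg.dport)])
        if seg.flags == "SYN" and seg.src in self.inside:
            self.conns.add(key)
            return "permit"
        return "permit" if key in self.conns else "drop"

def run_handshake(directions_through_fw):
    """directions_through_fw: which directions ('up' = remote to HQ,
    'down' = HQ to remote) actually traverse the remote-office firewall."""
    fw = StatefulFirewall(inside_hosts={REMOTE})
    result = []
    for seg in HANDSHAKE:
        direction = "up" if seg.src == REMOTE else "down"
        verdict = fw.inspect(seg) if direction in directions_through_fw else "bypass"
        result.append((seg.flags, verdict))
    return result

if __name__ == "__main__":
    print("split paths :", run_handshake({"down"}))
    print("recombined  :", run_handshake({"up", "down"}))
```

With only the "down" direction crossing the firewall, the SYN-ACK arrives for a connection the firewall never saw opened and is dropped; with both directions recombined in front of it, the whole handshake is permitted.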

Not to mention Frame T1s are 1.5 Mbit full duplex (we'll see if this turns into an argument as it has in the past). So while I won't say that applications will be impacted if one side gets eaten up, I agree that load balancing with your provider is what you want to do, not split up vs. down. But given the ambiguity in internet vs. site to site connections, I'm not really sure what you are trying to do.

Trendkill

The main reason for the T1 was to be able to send Backups of the Office Data Offsite. Though the Remote office is really 3 homes. So the existing 1.5meg T1 is used for Internet Access mostly.

We were thinking to use the Cable/DSL for all Internet Traffic. Use the T1 for all Inter Office Traffic.

Though it would be nice at Night when the Backups happen, to take advantage of the 6meg Internet Connection and push the backup data to the remote location via the internet (HQ has a 6Meg (4T1s) Connection to the Internet too).

So taking Time out of the equation, can I have HQ send all traffic to remote site via Internet/VPN; have remote Site send All Traffic to the Office via Point to Point T1; and have remote Site use Local Cable/DSL for all Internet traffic?

Seems like when we had a Remote Office in Sacramento, the Route the Packets took to get to the office went pretty much directly there. Though the Route it took to get to HQ went a state away as it connected via OC3 or something.

Thanks for evey

Scott Townsend

Yes, you can use policy-based routing to route traffic based on a bunch of criteria, but the most applicable to you is based on source or destination networks. Just be aware, and as someone has said on here recently, you face potential application issues as packets one way may be arriving much more reliably than packets in the other direction, and TCP may end up having some issues. If you are set on trying this, I would just do trial and error, and during non-critical times, before making the changes permanent.

Secondly, if these remote sites have VPNs into the main office, you would need to enable 'split tunnels' so that they can still use their local networks/connections in addition to the VPN. There are some significant security risks here, but it is possible, and I can't tell if you had a setup like this or not.

Here are two docs to help you with PBR:

formatting link
formatting link

Trendkill


Thanks for the Docs. I'll let them know what they are up against if we do this. I just wish the average internet connection was better than the typical 384K upload.

We have other sites that have Local Internet access so they use Split tunnel, so that is already configured.

Thanks again, Scott

Scott Townsend
