VPN: Main Office ASA5510 to Remote 2811 w/ dual DSL

I need some help: options and/or confirmation. I planned this out w/ Cisco pre-sales consulting, now the Cisco support is saying it can't be done as planned. I know enough to understand the situation but not enough to do the configurations or know if they really have the problem and options correct.

Main Office has a T1 into a 2621XM, which is in front of an ASA5510. The remote office has a 2811 w/ 2 DSL circuits, same provider but on separate subnets. I need a VPN between the 2 offices; I either need to prioritize voice over data on 1 tunnel OR have separate tunnels for voice & data traffic over the separate DSL circuits. I would prefer 1 tunnel that uses both DSL circuits w/ prioritized voice since it provides redundancy if one DSL circuit goes down.

I am aware of the issues of voice over DSL, let's save that discussion for another day.

Cisco support is saying that you can't have 2 tunnels from the 2811 terminating on 1 IP on the 5510. My understanding of the problem as they described it: the crypto map will overlap / conflict, either the 2nd tunnel won't come up or it will come up and take down the first tunnel; because it will know the far side IP is the same for both tunnels. Does this sound correct? If so this implies that it could be done w/ 2 routers at the remote site but not 1?

Someone else has suggested bonding the 2 DSL circuits together in a multi-link or etherchannel, and running the tunnel from the multi-link or etherchannel interface to the 5510. Does this sound feasible, can you provide an example config/link?

Cisco support says my options are:

  1. Obtaining from my ISP a 2nd block of IPs on a different subnet to allow another WAN interface to be active on the 5510.
  2. Terminating 2 tunnels on the 2621 instead of the 5510.

I'm not a fan of either option and am not sure that moving the tunnels to the 2621 isn't just recreating the problem on another box, creating other security/mgmt issues and for the most part making the 5510 unnecessary.

Thanks for your help. Pls email for a better diagram in pdf format if it will help.

Ed

==========================================
Main Office:

  2621XM ----- T1 to Internet
    |
  ASA5510 ---- DMZ
    |
  3760 (Vlan1 Data & Vlan10 Voice)

===========================================
Remote Office:

  2811 --- DSL1 --- to Internet
    |----- DSL2 --- to Internet
    |-- VLAN1-Data
    |-- VLAN10-Voice


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.