I need some help: options and/or confirmation. I planned this out w/ Cisco pre-sales consulting, now the Cisco support is saying it can't be done as planned. I know enough to understand the situation but not enough to do the configurations or know if they really have the problem and options correct.
Main Office has a T1 into a 2621XM, which is in front of an ASA5510. The remote office has a 2811 w/ 2 DSL circuits, same provider but on separate subnets. I need a VPN between the 2 offices. I either need to prioritize voice over data on 1 tunnel OR have separate tunnels for voice & data traffic over the separate DSL circuits. I would prefer 1 tunnel that uses both DSL circuits w/ prioritized voice since it provides redundancy if one DSL circuit goes down.
I am aware of the issues of voice over DSL, let's save that discussion for another day.
Cisco support is saying that you can't have 2 tunnels from the 2811 terminating on 1 IP on the 5510. My understanding of the problem as they described it: the crypto map will overlap / conflict, either the 2nd tunnel won't come up or it will come up and take down the first tunnel, because it will know the far side IP is the same for both tunnels. Does this sound correct? If so this implies that it could be done w/ 2 routers at the remote site but not 1?
Someone else has suggested bonding the 2 DSL circuits together in a multi-link or etherchannel, and running the tunnel from the multi-link or etherchannel interface to the 5510. Does this sound feasible? Can you provide an example config/link?
Cisco support says my options are:
- Obtaining from my ISP a 2nd block of IP's on a different subnet to allow another WAN interface to be active on the 5510.
- Terminating 2 tunnels on the 2621 instead of the 5510.
I'm not a fan of either option and am not sure that moving the tunnels to the 2621 isn't just recreating the problem on another box, creating other security/mgmt issues and for the most part making the 5510 unnecessary.
Thanks for your help. Pls email for a better diagram in pdf format if it will help.
Ed
==========================================
Main Office:

|--------------------|
|       2621XM       |-----T1 to Internet
|--------------------|
          |
|--------------------|
|      ASA5510       |----DMZ
|--------------------|
          |
|------------------------------------------------|
|         3760 Vlan1 Data & Vlan10 Voice         |
|------------------------------------------------|

===========================================
Remote Office:

|-----------------|--DSL1--to Internet
|      2811       |
|-----------------|--DSL2--to Internet
        |
        |--VLAN1-Data
        |
        |--VLAN10-Voice