Using two EoIP tunnels to load balance IPSec VPN among 2 WAN

Hello,

I’m trying to figure out a way to load balance and fail over an IPSec VPN between my remote office (2 ISPs) and my central office (one ISP).

I’m thinking of setting up two EoIP tunnels at the remote office, each one using one ISP, and then creating a bonding with both. Then, I would add an IP to the bonding and set up an IPSec policy to use that as the source IP. I believe that I should set IPSec in transport mode instead of tunnel mode, not sure at this point…

Should that work? Has anyone tested something like that? Is there any other way to create an IPSec tunnel among 2 or more WANs?

Thank you!

You would set up IPSec on each WAN IP address, as far as I know; that's the only help I can offer so far.

Yeah, but you can’t have the same policy for both WANs… You have to split the traffic among 2 tunnels somehow: source/dest TCP ports, source/dest IP addresses… So you don’t get “real” load balancing in real time, but a “manual” load balancing at configuration time.

Thanks!

Hi!

Does anyone else have any suggestions? It would be greatly appreciated!

Thanks in advance.