Discussion in 'Cisco Small Business Routers and VPN Solutions' started by ed001, Apr 22, 2006.

  ed001

    I have a problem with my small business. Here is a quick background. I have a small business with three locations that uses an application which REQUIRES high availability to a server that is located at one of the locations. The data must be secured by a VPN. I am currently using 3.0/768 DSL at each location with static IP addresses. I have reliability issues with the DSL at all three locations, but the problem is sporadic and Verizon has gone as far as sending techs out to all three locations to check the lines. All lines appear to actually be great when their techs are there. The consensus is that the sporadic outages are due to WAN traffic and the fact that DSL has the lowest priority. Their suggestion is to go with T-1, which is far too costly for my small business, and other lower cost lines are not available at my store locations. Cable is an option, but my personal experience is sporadic outages for up to two hours at a time with my cable/data provider (which I use personally).

    My idea is to purchase a router with 2 WAN ports for each location. I would use one port for DSL and one for cable. $65 and $80 for DSL and cable modem is a much more financially acceptable alternative to the $550 T-1 suggested. Plus, it would provide real redundancy.

    Here is the routing problem.
    The application can only point to one ip address for the server.

    Here is my question:
    If I create a VPN between one location and the location with the server and either the DSL or cable goes down, will the RV042/082/016 properly send the request for that 1 IP over the other that is up? Additionally, if both cable and DSL are up, will I have any problems with the request sent or received twice, leading to data corruption?
    In other words, will they load balance the VPN (if one tunnel goes down, will it try the other tunnel with the same request)?

    I would also appreciate any help with this or any other suggested solutions you may have. You should know, I've tried the Co-location thing and customer service never seems to respond fast enough and I still had outages because my store locations connections are the weak point.

    Thanks in advance for any help!!!!
    If this seems confusing or doesn't make sense, feel free to ask questions.
  RTSAnime

    Now I am not positive, but based upon the information provided at It does not appear that these routers are VPN clients, rather VPN servers that a client would connect to. Hence you would not be able to place one at each location and set them up to talk to each other.
  DocLarge

    You're talking Cisco routing now. That's something above what some of these SOHO routers are capable of doing. To get a better idea, take a look at this simulator for the RV082:

    By the way, you can set up the RV0XX routers to communicate with each other via a "site-to-site" configuration; all you'd need to do is set it up for a "gateway to gateway" connection and your routers will talk to each other. I won't comment on whether or not what you're looking for (as far as routing through load balancing) with this particular router is possible because I don't use this brand of Linksys.

    However, Ye Old Stonecat should be able to give you a little more insight once he wakes up, because he's got a stronger working knowledge of this router...

  ed001

    Put another way (Stonecat, help!!!)

    I figured another way to ask the question.

    1. I set up a server at on a RVXXX at one location with a DSL connection on Wan1 and a cable modem on Wan2.

    2. I install another VPN router at each of my other locations.

    3. Each of those routers have two vpn tunnels. One pointing to the DSL at the server location with a remote subnet of and the other vpn tunnel pointing to the cable modem's FQDN using the same remote subnet of

    Assuming Wan1 (DSL) on the RVXXX at the server location is chosen as the primary and the Wan2 is secondary will the router on the remote side pick the right tunnel based on connection availability at the server site? i.e. DSL is down so the application sending a request to will be sent over the VPN tunnel to the cable modem

    If not, would adding a RVXXX and a cable connection to each of the remote locations accomplish this?

    Thanks again for any further enlightenment!!!
  DocLarge

    Personally, I'd have an RV0XX at "each" of my sites and connect all sites together via a vpn tunnel initially to make sure I can make the connection. After that, I'd start "fine tuning" my traffic.

    Each of (let's say) the RV082 routers can create a site-to-site tunnel connection, so after you make your purchases, try setting up tunnel connections between them first.

    Take a look at the simulator for the RV082:

    This should shed some light :)

  ed001

    I actually have 3 WRV54G routers at each location now doing the VPN tunnels, and the tunnel works fine so long as the DSL line doesn't get squirrelly. And I did check out that simulator (which by the way is very cool. Thanks Doc).
    What can I do to fine tune the traffic?
    After a little research it seems that what I am trying to do is "load balance" the VPN tunnels for each of the WAN connections. I understand that load balancing routers use more advanced routing functions to determine if the primary WAN1 is either down or busy, and the routing table is smart enough to push the traffic to WAN2, but will it push that traffic to the other VPN tunnel in case the other tunnel is down (due to connection loss on any WAN, be it the remote or local router)?
    Thanks for the responses and thanks for any more help you can give.
  DocLarge

    I rarely have my WRV54G on line that much anymore because my smcbr18vpn router gives me the ability to run my MS vpn server because my WRV54G doesn't pass NAT-t and GRE.

    I never really had to look at the load balancing aspect of the WRV54G. For what you're looking for, you may have to delve a little deeper into the RV082 line to find the answer. Worst case, you may have to look at a SOHO CISCO solution like the 1720 or the 871W (Wireless). Should you need to go that route, look for a guy by the name of Tom Tanderson in the Cisco forum...

  YeOldeStonecat

    I've done quite a few "router to router VPN WANs" with several clients...most of them on SNET/SBC business grade DSL, I have a few stand alone clients with Verizon's DSL.

    Quite a few clients using the 082 and 016 models.

    I've played with the dual WAN port ability of the RV082 series at my own home...1x DSL and 1x far as just dorking around with the load balancing and failover...but I've not setup a failover VPN tunnel setup.

    I'd go with getting a business grade DSL package from Verizon at each site....and making sure they send you a Westell unit that can be flipped over to a pure bridge.....just a plain DSL modem, no routing or other duties on the Westell unit. Business grade DSL usually gets higher priority than home grade broadband.

    Verizon can be a pain in the butt. I've had mixed experiences with them....often they can be great, other times I've battled with them for days upon days over a client's issues.

    My advice..if this is important for your business...
    *Invest in having brand new phone lines run in from the street...right up to where your DSL modem will be. It's usually not as expensive as you think, and worth eliminates lots of causes for "flakey DSL issues". I've seen it help out a lot in many cases. Even if you're located in a professional center with what might appear to be a nightmare of a situation with phone can be done. Professional buildings are even more reason to do so...those phone lines have been worked on by 88 thousand different phone company know there are a few shoddy jobs in the mix.

    *Use APC battery backup units for your DSL modem and the router and switches.

    *Stick with the rv082 or 016...twice the CPU speed of the little 042 (533MHz versus..I think the 042 is 233 or 255). The 016 has twice the RAM of the 082 also (64 versus 32). I love those units...rock solid and fast.

    Running terminal service based app? Or what is the application?
  SmallOffice

    We have a similar challenge with only two locations.

    Currently, we are using RV082 routers in both locations. In one location we have both DSL and cable. In the other location, we are about to add DSL to the existing cable.

    We noticed that in the latest firmware release, it appears that Linksys has added the functionality that you (& I) are looking for:

    1. Support VPN (IPSec tunnel) Backup functionality.
    Mechanism: When the dead-peer-detection (DPD) mechanism detects that the primary VPN is no longer available, the VPN backup mechanism will be activated and try to establish a VPN connection via a user-defined WAN interface. The configuration is in the advanced setting of Gateway-to-Gateway VPN. See the online help for more information.

    Hope this helps.
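
A simplified model of the DPD-triggered backup described in the firmware note above, added here as an illustration; it is not Linksys firmware code and not part of the original posts. The class and function names, the three-missed-probes threshold and the absence of automatic failback are assumptions. It shows that a single tunnel is active at any time and that traffic is lost during the detection window before the backup comes up.

```python
class BackupTunnel:
    """Toy model: one IPsec tunnel, moved to the backup WAN when DPD fails."""

    def __init__(self, primary="WAN1", backup="WAN2", max_missed=3):
        # max_missed: consecutive unanswered DPD probes before the peer
        # is declared dead (assumed value, not taken from the firmware).
        self.order = [primary, backup]
        self.max_missed = max_missed
        self.active = None   # WAN currently carrying the single tunnel
        self.missed = 0
        self.events = []     # (interval, event, wan) audit trail

    def _establish(self, t, answers, prefer):
        # Try the preferred WAN first, then the other; only one comes up.
        self.active = None
        for wan in [prefer] + [w for w in self.order if w != prefer]:
            if answers.get(wan):
                self.active, self.missed = wan, 0
                self.events.append((t, "up", wan))
                return

    def tick(self, t, answers):
        """answers: {wan: True if the peer replied over that WAN this interval}.
        Returns the WAN that actually passes traffic, or None during an outage."""
        if self.active is None:
            self._establish(t, answers, self.order[0])
        elif answers.get(self.active):
            self.missed = 0
        else:
            self.missed += 1
            if self.missed >= self.max_missed:
                dead = self.active
                self.events.append((t, "dpd-dead", dead))
                other = next(w for w in self.order if w != dead)
                self._establish(t, answers, other)
        return self.active if answers.get(self.active) else None


def run(timeline, **kwargs):
    vpn = BackupTunnel(**kwargs)
    carried = [vpn.tick(t, answers) for t, answers in enumerate(timeline)]
    return carried, vpn.events


# Constructed sample: DSL (WAN1) drops at interval 2 and returns at interval 6.
BOTH = {"WAN1": True, "WAN2": True}
DSL_DOWN = {"WAN1": False, "WAN2": True}
TIMELINE = [BOTH, BOTH, DSL_DOWN, DSL_DOWN, DSL_DOWN, DSL_DOWN, BOTH, BOTH]

if __name__ == "__main__":
    print(run(TIMELINE))
```
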

  ed001

    That is exactly what I was looking for.
    Which firmware version enables this function?
    Have you tested this functionality yet?

    Thank you SmallOffice for the info!!!!!
  SmallOffice

    Glad you found it useful.

    Here is the info on the Firmware from the Linksys website.

    RV082 - 10/100 8-Port VPN Router
    Firmware Date: 4/13/2006
    Firmware Release Version: 1.3.2
    Firmware File Size: 4.69 MB

    Firmware Downloads

    We are going to test it in a few weeks when our second location has DSL installed.

  ed001

    Thanks again for the info. I am going to order the cable for the other locations. Please post back with your results and any words of wisdom as I will most likely be doing this setup a week after you.

    Thanks again.
