ASA with A/A and three router for ISP LINks

Answered Question
Mar 1st, 2007

Can anyone help me , I have a problem I need to connect two ASAs with Active-active and I have three routers for three ISPs , How can I achieve the Gateway redundancy and Load Balancing.

and can I use private range from router to ASA.

Other Question is do I really need host based proxy server to acces internet.

Plz help me/

Regards

I have this problem too.
0 votes
Correct Answer by ROBERTO TACCON about 9 years 7 months ago

A solution is to use the GLBP protocol on routers (OSPF in not available in A/A ...).

"GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets."

glbp group load-balancing [host-dependent | round-robin | weighted]

(see the cisco IOS feature navigator for IOS and hardware avail.) .

http://www.cisco.com/en/US/products/ps6550/products_white_paper09186a00801541c8.shtml

HTH.

Roberto

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
ROBERTO TACCON Fri, 03/02/2007 - 12:00

A solution is to use the GLBP protocol on routers (OSPF in not available in A/A ...).

"GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets."

glbp group load-balancing [host-dependent | round-robin | weighted]

(see the cisco IOS feature navigator for IOS and hardware avail.) .

http://www.cisco.com/en/US/products/ps6550/products_white_paper09186a00801541c8.shtml

HTH.

Roberto

amit.seth Sat, 03/03/2007 - 00:44

HI first of all i would like to thank to you for

such a great response,

I have a doubt again . As I know for Glbp to work you should have same subnet in your internal link of routers and ASAs , can I use private range and do the natting on ASA. As we have three ISPs with different range .

can you give me a link for A/A failover and for such type of scenarios. or document something.

It would be a great .

take care

Regards

ROBERTO TACCON Sat, 03/03/2007 - 07:09

Have you consider to use public IP addr. on the inside interfaces (the interfaces vs the ASA outside) of your rotuers on the same subnet?

If you have routers A, B and C (and you have enough numbers of public ip addr.) you can use the public IP subnet of A also on the eth interface of B and C and configure the GLBP on this subnet.

Active/Active Failover for ASA 5500

http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM6_ASA_beta/course_skin.html

Online Learning Modules

http://www.cisco.com/en/US/products/ps6120/tsd_products_support_online_learning_modules_list.html

Configuration Examples and TechNotes

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Regards.

Actions

This Discussion