Outgoing load balancing with dual ISP

Unanswered Question
Feb 11th, 2008

Hi,

I have a few questions on load balancing OUTGOING internet traffic through the ASA5540 firewall running code version 7.2. My company has 2 internet links going to the same ISP and the firewalls are running in active/standby mode. I would like to load balance OUTGOING internet traffic through 2 different edge routers. The outside interface of the firewall and the internal interface of both edge routers are on the same subnet. Here's a quick diagram of

my setup:

---------------->Router A -->internet connection A, same ISP as B

asa5540

---------------->Router B -->internet connection B, same ISP as A

Questions:

1. Can I use 2 static routes on the ASA5540 to do outgoing load balancing? If so, is there a way to configure the firewall to track internet link failure.

2. Code 7.x supports OSPF and RIP. If I use OSPF, is it recommended to inject a default route through both edge routers into my internal network to do load balancing?

3. What is the recommended way to configure outgoing load balancing with dual internet links going to the same ISP.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (6 ratings)
Loading.
abinjola Tue, 02/12/2008 - 06:08

--you cannot configure load balancing on ASA

It cannot have two default gateway to route/load balance/traffic-shape at the same time

Though ISP fall back is supported :-

http://cisco.com/en/US/docs/security/asa/asa72/configuration/guide/examples.html#wp1038632

--Place a small scale 1841 upstream to your ASA, to load balance your traffic point the entire traffic from ASA to the router and on 1841 you may do a policy based routing or load balancing

m.volodko Tue, 02/12/2008 - 13:18

My 5 cents for this.

Why don't you configure glbp on your routers?

Didn't test but looks like a simplest solution.

abinjola Tue, 02/12/2008 - 13:33

5 cents ?..

..NO !! GLBP is not a feasible solution here..Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway on an IEEE 802.3 LAN....just like VRRP/HSRP..moreover not supported on 1800 series

we are not looking for router backup failure...we are looking for load sharing rather

m.volodko Tue, 02/12/2008 - 13:47

Difference between hsrp and glbp that instead of hsrp, glbp can operate like active/active solution. Well, can be useful for this.

As I see in feature navigator 1800 series supports glbp.

Requester, you can check this links:

http://cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6600/product_data_sheet0900aecd803a546c.html

http://cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6550/prod_presentation0900aecd801790a3_ps6600_Products_Presentation.html

there is noticed that 18xx not supported, but in feature navigator i see different info.

Actions

This Discussion