Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
18
Helpful
7
Replies

Outgoing load balancing with dual ISP

dd99onedd
Level 1
Level 1

‎02-11-2008 12:58 PM - edited ‎03-11-2019 05:01 AM

Hi,

I have a few questions on load balancing OUTGOING internet traffic through the ASA5540 firewall running code version 7.2. My company has 2 internet links going to the same ISP and the firewalls are running in active/standby mode. I would like to load balance OUTGOING internet traffic through 2 different edge routers. The outside interface of the firewall and the internal interface of both edge routers are on the same subnet. Here's a quick diagram of

my setup:

---------------->Router A -->internet connection A, same ISP as B

asa5540

---------------->Router B -->internet connection B, same ISP as A

Questions:

1. Can I use 2 static routes on the ASA5540 to do outgoing load balancing? If so, is there a way to configure the firewall to track internet link failure.

2. Code 7.x supports OSPF and RIP. If I use OSPF, is it recommended to inject a default route through both edge routers into my internal network to do load balancing?

3. What is the recommended way to configure outgoing load balancing with dual internet links going to the same ISP.

Labels:
0 Helpful
7 Replies 7

abinjola
Cisco Employee
Cisco Employee

‎02-12-2008 06:08 AM

--you cannot configure load balancing on ASA

It cannot have two default gateway to route/load balance/traffic-shape at the same time

Though ISP fall back is supported :-

http://cisco.com/en/US/docs/security/asa/asa72/configuration/guide/examples.html#wp1038632

--Place a small scale 1841 upstream to your ASA, to load balance your traffic point the entire traffic from ASA to the router and on 1841 you may do a policy based routing or load balancing

abinjola
Cisco Employee
Cisco Employee

‎02-12-2008 08:34 AM

thanks for da HIGH 5 !!!;-)

0 Helpful

m.volodko
Level 1
Level 1

‎02-12-2008 01:18 PM

My 5 cents for this.

Why don't you configure glbp on your routers?

Didn't test but looks like a simplest solution.

abinjola
Cisco Employee
Cisco Employee
In response to m.volodko

‎02-12-2008 01:33 PM

5 cents ?..

..NO !! GLBP is not a feasible solution here..Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway on an IEEE 802.3 LAN....just like VRRP/HSRP..moreover not supported on 1800 series

we are not looking for router backup failure...we are looking for load sharing rather

m.volodko
Level 1
Level 1
In response to abinjola

‎02-12-2008 01:47 PM

Difference between hsrp and glbp that instead of hsrp, glbp can operate like active/active solution. Well, can be useful for this.

As I see in feature navigator 1800 series supports glbp.

Requester, you can check this links:

http://cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6600/product_data_sheet0900aecd803a546c.html

http://cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6550/prod_presentation0900aecd801790a3_ps6600_Products_Presentation.html

there is noticed that 18xx not supported, but in feature navigator i see different info.

abinjola
Cisco Employee
Cisco Employee
In response to m.volodko

‎02-12-2008 01:55 PM

1800 series not supporting GLBP :-

http://cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html

0 Helpful

m.volodko
Level 1
Level 1
In response to abinjola

‎02-12-2008 02:08 PM

As I said, in documents noticed that 18xx not support glbp, but in feature navigator I see:

http://img227.imageshack.us/img227/4702/fnglbphc9.jpg

Any way, why did you decide that requester has 18xx routers? In original post it doesn't mentioned. He has just one asa5540 and two of "who knows" routers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card