02-11-2008 12:58 PM - edited 03-11-2019 05:01 AM
Hi,
I have a few questions on load balancing OUTGOING internet traffic through the ASA5540 firewall running code version 7.2. My company has 2 internet links going to the same ISP and the firewalls are running in active/standby mode. I would like to load balance OUTGOING internet traffic through 2 different edge routers. The outside interface of the firewall and the internal interface of both edge routers are on the same subnet. Here's a quick diagram of
my setup:
---------------->Router A -->internet connection A, same ISP as B
asa5540
---------------->Router B -->internet connection B, same ISP as A
Questions:
1. Can I use 2 static routes on the ASA5540 to do outgoing load balancing? If so, is there a way to configure the firewall to track internet link failure.
2. Code 7.x supports OSPF and RIP. If I use OSPF, is it recommended to inject a default route through both edge routers into my internal network to do load balancing?
3. What is the recommended way to configure outgoing load balancing with dual internet links going to the same ISP.
02-12-2008 06:08 AM
--you cannot configure load balancing on ASA
It cannot have two default gateway to route/load balance/traffic-shape at the same time
Though ISP fall back is supported :-
http://cisco.com/en/US/docs/security/asa/asa72/configuration/guide/examples.html#wp1038632
--Place a small scale 1841 upstream to your ASA, to load balance your traffic point the entire traffic from ASA to the router and on 1841 you may do a policy based routing or load balancing
02-12-2008 08:34 AM
thanks for da HIGH 5 !!!;-)
02-12-2008 01:18 PM
My 5 cents for this.
Why don't you configure glbp on your routers?
Didn't test but looks like a simplest solution.
02-12-2008 01:33 PM
5 cents ?..
..NO !! GLBP is not a feasible solution here..Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway on an IEEE 802.3 LAN....just like VRRP/HSRP..moreover not supported on 1800 series
we are not looking for router backup failure...we are looking for load sharing rather
02-12-2008 01:47 PM
Difference between hsrp and glbp that instead of hsrp, glbp can operate like active/active solution. Well, can be useful for this.
As I see in feature navigator 1800 series supports glbp.
Requester, you can check this links:
there is noticed that 18xx not supported, but in feature navigator i see different info.
02-12-2008 01:55 PM
1800 series not supporting GLBP :-
http://cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
02-12-2008 02:08 PM
As I said, in documents noticed that 18xx not support glbp, but in feature navigator I see:
http://img227.imageshack.us/img227/4702/fnglbphc9.jpg
Any way, why did you decide that requester has 18xx routers? In original post it doesn't mentioned. He has just one asa5540 and two of "who knows" routers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide