Firewall Load Balance using bridged mode ACE

Jun 25th, 2008

Dear Folks,

I'd like to load balance 2 ASAs using 3 ACEs [inside, outside, DMZ network zones].

I've seen sample configurations; all of them run the ACE in route mode, and the ASAs run in route mode.

Would it be possible to run the ACE in bridge mode, because of the IP subnetting problem? We don't have enough to split.

By the way, if it is possible, what default gateway should all the servers installed behind the ACE point to? [In our case we have 2 independent firewalls.] Should I create a VIP for both firewalls, or should I simply set the servers' gateway to the BVI interface?

Please help. Thanks.

Gilles Dufour Wed, 06/25/2008 - 21:58

If you have the ACE devices in bridge mode, traffic from the servers will be bridged and not load-balanced to the firewall.

That does not really make sense.

You need the ACE devices in router mode so you can set your default gateway pointing to ACE and then ACE can loadbalance the request to the firewall.

You can use private subnets (10.x.x.x or 192.168.x.x) for addressing the different components - ACE && ASA.


atirak Wed, 06/25/2008 - 22:29

Thank you very much Gilles,

You're the man. ;-)

Another question: in my case I am trying to load balance 3-interface firewalls [inside, outside, DMZ] so that a packet returns through the same firewall it passed through earlier.

What kind of hashing technique do I need to use, and do I need to use the mac sticky command?

I tried to find some configuration samples on the Cisco website, but I only found ones with 2 interfaces, with the ACE running source hash and destination hash at each end.

Thank you very much

