Firewall Load Balance using bridged mode ACE

atirak
Level 1

Dear Folks,

I'd like to load balance 2 ASAs using 3 ACEs [inside, outside, DMZ network zones].

I've seen sample configurations; all of them run the ACE in route mode, and the ASAs are running in route mode.

Would it be possible to run the ACE in bridge mode, because of the IP subnetting problem? We don't have enough to split.

By the way, if it is possible, what default gateway should all the servers installed behind the ACE point to (in our case we have 2 independent firewalls)? Should I create a VIP for both firewalls, or should I simply set the server's gateway to the BVI interface?

Please help. Thanks.

atirak
Level 1

For your information, here is the network diagram.

Please help. Thanks.

If you have the ACE devices in bridge mode, traffic from the servers will be bridged and not load balanced to the firewall.

That does not really make sense.

You need the ACE devices in router mode so you can set your default gateway pointing to the ACE, and then the ACE can load balance the requests to the firewall.

You can use private subnets (10.x.x.x or 192.168.x.x) for addressing the different components - ACE && ASA.

Gilles.

Thank you very much Gilles,

You're the man. ;-)

Another question: in my case I am trying to load balance 3-interface firewalls [inside, outside, DMZ] in order to make the packet return through the same firewall it passed through earlier.

What kind of hashing technique do I need to use, and do I need to use the mac sticky command?

I tried to find a sample configuration on the Cisco website, but I only found ones with only 2 interfaces, with the ACE running source hash and destination hash at each end.

Thank you very much.
