07-16-2008 01:26 AM - edited 03-11-2019 06:15 AM
Hi, I have two ASA firewalls and two different ISP leased lines. Now I want to create a site-to-site VPN tunnel with the DC, and it will work. That's fine. Now I want to use both ASAs, and both ISP lines will be used for both ASA boxes, and I will create the tunnel. If I connect my inside network to both firewalls, will it work? I want load balancing between the ISP links and load balancing of the VPN tunnel. The configuration is below:
FW 1 outside interface 1.1.1.1/24
FW 1 Inside Interface 192.168.12.1/24
FW 2 Outside interface 2.2.2.2/24
FW 2 Inside Interface 192.168.12.2
Now if I assign the gateway 192.168.12.1 on client machines, traffic goes through FW1, and if I use 192.168.12.2, traffic goes through the second FW. I want the traffic to use both interfaces, with the traffic split 50-50. If it is possible, please tell us what I should do. Will it work if I install one router between the local LAN and the FWs? Thanks.
07-16-2008 08:27 AM
Please respond... Is it possible or not?
07-16-2008 09:44 AM
From where to where are you going to do load balancing?
Could you show the planned topology?
07-16-2008 10:13 AM
Are you using the ASAs in an Active/Active failover?
07-16-2008 11:37 AM
No, I'm not using failover. Let me clarify my setup again. I have two ASA FWs and two ISP links.
1st ISP link 1.1.1.1
2nd ISP link 2.2.2.2
Inside Network 192.168.12.0/24
Now I configure one link on the outside interface of the first FW and the second link on the second FW's outside interface. The first firewall's inside interface IP address is 192.168.13.1 and the second FW's inside interface IP is 192.168.14.1, and both interfaces are connected to a Cisco router which has three interfaces. The router configuration is below:
Eth 0 192.168.13.2, which is connected to the 1st FW
Eth 1 192.168.14.2, which is connected to the 2nd FW
Eth 3 192.168.12.1, which is connected to my inside network.
Static routes used here:
0.0.0.0 0.0.0.0 192.168.13.1
0.0.0.0 0.0.0.0 192.168.14.1
Now I create a site-to-site tunnel from both FWs to the other site, whose peer IP is 3.3.3.3. In this scenario, will load balancing work between the ISP links and the site-to-site tunnel? Thanks
07-16-2008 12:05 PM
Hi, is it possible? Please let me know if you want to know anything else. Thanks
07-16-2008 12:24 PM
??
07-16-2008 12:37 PM
It is possible to do load balancing between 192.168.12.0/24 and the internet,
but you can't do load balancing between 192.168.12.0/24 and the remote side.
07-16-2008 09:23 PM
What would happen if I add a route command for return traffic for the inside network (192.168.12.0) from the remote site? Will it communicate? Thanks
07-17-2008 01:35 AM
I think you can lose half of the traffic.
The problem will be on the remote site.
And you need to have identical crypto access-lists for different peers (ASA1, ASA2).
07-17-2008 02:04 AM
Yeah, it's not an issue. I will make the crypto settings and exempt the network for both ASA FWs. What would be the issue if I go with a similar configuration? I don't have two ISP lines, otherwise I would test it. Can anyone test this scenario? Thanks
07-17-2008 09:47 AM
Anyone respond...