ASA TO ASA: Load Balancing over VPN and lease line

Aug 13th, 2008


I have 2 ASA 5510 firewalls on each site; let's say ASA-1 on the first site and ASA-2 on the second site.

ASA-1 has the LAN subnet and the ASA-2 has the LAN subnet

The 2 ASAs are connected through the lease line, which has Cisco routers at each end. The lease line routers are in the LAN subnet.

I have successfully managed to provide redundancy through VPN if the lease line goes down, by using static routes with metric 1 via the lease line using tracking and metric 2 via VPN.

Now I want to do load balancing on these 2 links, e.g. if the protocol is HTTP then use the VPN, and for all other traffic use the lease line. Is there any way I can do that on these firewalls?

Marwan ALshawi Wed, 08/13/2008 - 05:59

This can basically be achieved via PBR (policy-based routing), but unfortunately the feature is not supported on Cisco firewalls.

But as I was reading through,

I came across an idea.

If you have servers on the remote site,

you can make static NAT for those servers.

Let's say you have a web server; make a static NAT for it,

and then on your ASA add an explicit route to that IP. In this case you are going to send all traffic to the web server through one interface and all other traffic through the other interface, with the same strategy you are using for the multiple static routes.

Just an idea.

Good luck.

Please rate if helpful.

t4tauseef33 Mon, 08/18/2008 - 04:06

In this case, I will lose the redundancy. Secondly, I have a big infrastructure with centralized domain controllers and DNS but local DHCP servers. Different IPs will create a lot of problems for the domain integration. Any other helpful suggestions? Anyway, thanks for the reply. Looking forward to another solution.