ASA TO ASA: Load Balancing over VPN and lease line

t4tauseef33
Level 1

Hi

I have 2 ASA 5510 firewalls on each site, let's say ASA-1 on the first site and ASA-2 on the second site.

ASA-1 has the LAN subnet 10.1.0.0/16 and the ASA-2 has the LAN subnet 10.2.0.0/16.

The 2 ASAs are connected through the lease line, which has Cisco routers at each end. The lease line routers are in the LAN subnet.

I have successfully managed to provide redundancy through VPN if the lease line goes down, by using static routes with metric 1 via the lease line using tracking and metric 2 via VPN.

Now I want to do load balancing on these 2 links, e.g., if the protocol is HTTP then use the VPN, and for all other traffic use the lease line. Is there any way I can do that on these firewalls?

2 Replies

Marwan ALshawi
VIP Alumni

This can basically be achieved via PBR (policy-based routing), but unfortunately the feature is not supported on Cisco firewalls.

But as I was reading through

I came across an idea.

If u have servers on the remote site

u can make static NAT for those servers.

Let's say u have a web server: make a static NAT for it

and then on ur ASA add an explicit route to that IP, so in this case u gonna make all traffic to the web server go through one interface and all other traffic through the other interface, with the same strategy u are using for multiple static routes.

Just an idea.

Good luck.

Please rate if helpful.

In this case, I will lose the redundancy. Secondly, I have a big infrastructure with centralized domain controllers and DNS but local DHCP servers. A different IP will create a lot of problems for the domain integration. Any other helpful suggestion? Anyway, thanks for the reply. Looking forward to another solution.