Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
2
Replies

reg:asa 5505 suggession

vasuramnet
Level 1
Level 1

‎01-08-2010 04:12 AM - edited ‎03-11-2019 09:54 AM

Dear sir,

I have a leased line 2mb and adsl broad band 2mb now i want to keep these two lines in one firewall and i want loadbalance and ethernet failover for this asay 5505 is sufficiant or i want any extra license for this

plz clarify.

Thanks&Regards

srini

Labels:
0 Helpful
2 Replies 2

Dileep Sivadas Padmini
Level 1
Level 1

‎01-08-2010 04:57 AM

You need to have security plus license for  ASA 5505 to do Active / Standby failover and it will not support load balancing.

For load balancing you need Active/Active topology ASA 5505 does not support this.  It can not do the load balancing, only thing you can do is run multiple virtual firewall on a failover group. In Active/Active setup you will not get the VPN feature.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

check the above URL for more info regarding specifications.

I have missed something.

If your are talking about internet traffic load balancing i am not sure about that , but you can configure a backup line using IP SLA and static route tracking.

0 Helpful

vilaxmi
Cisco Employee
Cisco Employee

‎01-09-2010 02:55 PM

Dear sir,

I have a leased line 2mb and adsl broad band 2mb now i want to keep these two lines in one firewall and i want loadbalance and ethernet failover for this asay 5505 is sufficiant or i want any extra license for this

plz clarify.

Thanks & Regards

srini

I see that you wish to USE both lines to internet SIMULTANEOUSLY for users behind ASA 5505 to go to internet. I would like to inform you that ASA (any platform) does not support Load Balancing or any Policy Based routing of any sorts at this point of time. Please see the FAQ in the link below :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml

Although, there is a workaround where you can pass all your web/SMTP (ANY STATIC PORT TRAFFIC) through one LINK and rest other traffic thruough other link :

nat (inside) 1 0 0

global (outside_1) 1 interface

global (outside_2) 1 interface

route outside_1 0.0.0.0 0.0.0.0

route outside_2 0.0.0.0 0.0.0.0 2

static (outside_2,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0

static (outside_2,inside) tcp 0.0.0.0 smtp 0.0.0.0 smtp netmask 0.0.0.0
static (outside_1,inside)  0.0.0.0  0.0.0.0  netmask 0.0.0.0

HTH

Vijaya

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card