reg:asa 5505 suggession

Unanswered Question
Jan 8th, 2010
User Badges:

Dear sir,


I have a leased line 2mb and adsl broad band 2mb now i want to keep these two lines in one firewall and i want loadbalance and ethernet failover for this asay 5505 is sufficiant or i want any extra license for this


plz clarify.


Thanks&Regards

srini

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Dileep Sivadas ... Fri, 01/08/2010 - 04:57
User Badges:

You need to have security plus license for  ASA 5505 to do Active / Standby failover and it will not support load balancing.


For load balancing you need Active/Active topology ASA 5505 does not support this.  It can not do the load balancing, only thing you can do is run multiple virtual firewall on a failover group. In Active/Active setup you will not get the VPN feature.


http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html


check the above URL for more info regarding specifications.


I have missed something.


If your are talking about internet traffic load balancing i am not sure about that , but you can configure a backup line using IP SLA and static route tracking.

vilaxmi Sat, 01/09/2010 - 14:55
User Badges:
  • Cisco Employee,

Dear sir,

I have a leased line 2mb and adsl broad band 2mb now i want to keep these two lines in one firewall and i want loadbalance and ethernet failover for this asay 5505 is sufficiant or i want any extra license for this

plz clarify.

Thanks & Regards

srini


I see that you wish to USE both lines to internet SIMULTANEOUSLY for users behind ASA 5505 to go to internet. I would like to inform you that ASA (any platform) does not support Load Balancing or any Policy Based routing of any sorts at this point of time. Please see the FAQ in the link below :


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml


Although, there is a workaround where you can pass all your web/SMTP (ANY STATIC PORT TRAFFIC) through one LINK and rest other traffic thruough other link :


nat (inside) 1 0 0

global (outside_1) 1 interface

global (outside_2) 1 interface


route outside_1 0.0.0.0 0.0.0.0

route outside_2 0.0.0.0 0.0.0.0 2


static (outside_2,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0

static (outside_2,inside) tcp 0.0.0.0 smtp 0.0.0.0 smtp netmask 0.0.0.0
static (outside_1,inside)  0.0.0.0  0.0.0.0  netmask 0.0.0.0


HTH


Vijaya

Actions

This Discussion