02-13-2010 08:58 AM
Hi, I was wondering if anyone could point me in the right direction in terms of design in order to achieve firewall load balancing utilizing the Cisco IOS SLB in the Catalyst 6500. The plan is to have two 6500s (VSS) and two ASA 5580s. Is this even possible without the ACE module or appliance? Anyone's input would be greatly appreciated, thanks.
02-13-2010 09:18 AM
Hi Mario,
Cisco IOS SLB can be used to load balance the traffic between the firewalls. Check out the link below on Cisco IOS SLB; it clearly says it supports:
And without Cisco IOS SLB you can also achieve an active/standby or active/active failover configuration on the ASA. Also check out the link below on ASA failover configuration.
If helpful do rate the post
Ganesh.H
02-14-2010 08:24 AM
Thanks for your response. I really need both firewalls to be active at the same time, but not with the typical active/active in terms of context. I need both to be on the same subnet for both outside and inside, with different IP addresses and the same rules, and a means to load balance traffic to them. What would be most helpful would be some kind of a design guide to help with the logical and physical layout and to ensure that I can get the throughput required. Can anyone point me to that? Thanks.
02-14-2010 08:50 AM
Hi,
It can be achievable; you need to be very clear about your traffic flow. Let's say you have inside zone traffic to the outside zone using both active firewalls. The data flow will be like this: your firewall load balancer will be the gateway for all zone traffic; once traffic comes to the load balancer, it will decide which firewall to send the traffic to based on the algorithm configured in the farm.
And at the firewall, traffic will be scanned as per the rule base; then the traffic needs to land again on the load balancer's particular zone interface for other routing purposes. Here both firewalls will be identical in configuration, with different IPs in different zones.
Hope that helps!!
If helpful do rate the post
Ganesh.H
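The traffic flow described in the reply above, as an added illustration that is not part of the original thread and is not Cisco IOS SLB code: a load balancer on each side picks a firewall from the farm by hashing the address pair, and the hash is made direction-independent so that both directions of a connection cross the same stateful firewall. The addresses, farm names and the hash itself are constructed assumptions.

```python
import hashlib
import ipaddress
from collections import Counter

# Constructed farm: two identically configured firewalls, a different IP per zone.
FIREWALLS = {
    "fw1": {"inside": "10.0.1.11", "outside": "10.0.2.11"},
    "fw2": {"inside": "10.0.1.12", "outside": "10.0.2.12"},
}

def pick_firewall(src, dst, healthy):
    """Choose a firewall by hashing the (src, dst) pair.

    Sorting the two addresses first makes the result identical for the
    forward and the return packet. The hash is an assumption for this
    example, not the algorithm IOS SLB implements.
    """
    if not healthy:
        raise RuntimeError("no firewall in service")
    a, b = sorted(int(ipaddress.ip_address(x)) for x in (src, dst))
    digest = hashlib.sha256(f"{a}-{b}".encode()).digest()
    names = sorted(healthy)
    return names[int.from_bytes(digest[:4], "big") % len(names)]

def next_hop(src, dst, ingress_zone, healthy):
    """Firewall and next-hop IP used by the load balancer in ingress_zone."""
    fw = pick_firewall(src, dst, healthy)
    return fw, FIREWALLS[fw][ingress_zone]

def simulate(n_clients=200, healthy=("fw1", "fw2")):
    """Return (flows per firewall, count of flows whose two directions differ)."""
    counts, asymmetric = Counter(), 0
    server = "192.0.2.10"  # constructed server-farm address
    for i in range(n_clients):
        client = f"10.10.{i // 250}.{i % 250 + 1}"
        fwd, _ = next_hop(client, server, "inside", healthy)
        rev, _ = next_hop(server, client, "outside", healthy)
        counts[fwd] += 1
        asymmetric += fwd != rev
    return counts, asymmetric

if __name__ == "__main__":
    print(simulate())                   # both firewalls in service
    print(simulate(healthy=("fw1",)))   # fw2 taken out of the farm
```

An asymmetric count above zero would mean return traffic reaches a firewall that holds no state for the connection and is dropped by its stateful inspection.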
02-14-2010 10:44 AM
Thanks, that sounds like exactly what I want to achieve. I would like traffic destined for the server farm from the internal networks to be firewalled and to load balance that traffic as well, so as you said I would like "both the firewall will be identical in configuration with different ip's in different zones".
Can this be achieved with Cisco IOS SLB or would I need the ACE module? I am trying to satisfy the following requirement:
"Core firewall solution shall support static and dynamic filtering for selected traffic, the configuration shall be such as to load balance inspected traffic, with combined minimum transactional throughput of 10Gbps"
I have been looking but I have not seen any design guides, do you know of any? thanks