Load balancing with asa and incoming connections

Unanswered Question
Apr 29th, 2010

Hello,

We have an ASA5510 connected from one outside interface to three ADSL routers through a switch, all of them in the same subnet. As far as I know, adding three default routes pointing to the IP addresses of these routers will make the ASA try to load balance outgoing traffic.

We have remote users connecting to a server using remote desktop, so I have forwarded port 3389 from all routers to the ASA and from the ASA to the server's IP. If I configure only one default route to any of the routers, remote users can connect using that router. If I enable all three default routes, users cannot connect to any router. I am guessing this is because the ASA sends traffic back to the remote user through another router, due to load balancing. Is there a way to make it work?


I have never seen a deployment where you give 3 different default routes.  Someone may have gotten it to work, but normally what will happen is what you are experiencing.  If you ran a packet sniffer this is what I would expect to see.

Packet 1 goes out ROUTERA

Packet 2 goes out ROUTERB

Packet 3 goes out ROUTERC

If the packet was a session then it would work, but since all three of those packets need to reassemble on the other side, they will not be able to because they won't match, and thus traffic will constantly break down and fail.  Even if some traffic goes through, not all traffic will work.

Traditionally what you need to do is configure a single IP address that then load balances the 3 other IP addresses.  I do not believe the ASA has a load balance feature.  To be sure I did a search and found this post with a Cisco employee stating that the ASAs do not have load balancing.

https://supportforums.cisco.com/message/3052825

Sorry to be the bearer of bad news.

arkatsikaplan Thu, 04/29/2010 - 12:33

Thanks for the quick reply. So is there any way I can use all three routers with the ASA, while remote users can still use remote desktop? We also have a spare Cisco 876W router. Can I use it for load balancing if I add it between the ASA and the three routers?
