Load Balancing between two ISP Links including VPN Traffic.

Sep 15th, 2010

Hello Experts:

We have a Cisco ASA 5505 in use at our office, and there are two ISP links. We configured the first ISP link as the primary link and the second connection for failover, but the second link is useless as the firewall doesn’t support load balancing between the links.

Around 10 sites are connected through VPN, and they are configured with the primary link. I tried to configure the STS tunnel on the secondary link so that if the primary link fails, the remote sites which are configured on the STS tunnel would be accessible by the second ISP link, but we can’t allow the same as well, and internet will only work when the primary link goes down.

Now we are planning to put in another device/appliance so that the two bandwidths share the traffic and are fully redundant, and I suppose a Juniper firewall supports the same; if yes, then please advise on going with that. I would also ask the experts if there is another alternative solution they would suggest for that.


Vinay Gupta

Federico Coto F... Wed, 09/15/2010 - 17:21

The ASA, as you mentioned, will not load balance traffic between internet links.

The ASA can do some load balancing if configured in multiple context mode (but it will not support VPN and has other limitations as well).

If you place a router, then the router can load balance the traffic and, depending on the IOS, can handle the VPNs as well.


