For Cisco Security professional

Nov 2nd, 2014

I have a new internet connection line and I want to connect it with the primary internet connection through an ASA 5510 ver 9.1.

Kindly, I need ideas.

The first line is working fine and I want to implement the second line for load sharing purposes.

Regards

 

Marvin Rhoads Sun, 11/02/2014 - 11:21

Cisco ASA firewalls do not support dynamic load sharing via multiple interfaces.

You can set up one to be a backup for the other, but for true load sharing you need a router that terminates both lines and uses mechanisms like policy-based routing or BGP with full route tables to make decisions based on things like best path to a given destination.

eng.taher_gabr Sun, 11/02/2014 - 22:31

Hi Mr. Marvin,

You are right, the ASA firewall does not support load sharing.

I would like to tell you the whole situation:

I have an internet line through a Cisco router 3825 connected to an ASA 5510 ver 9.1, then (the ASA inside interface is connected to the untrusted interface of the Palo Alto firewall, then the trusted interface of the Palo Alto is connected to the core switch 4506 E and to the inside network).

So, I have a new internet line and I want to use the two lines at the same time between users with the same network design.

Please help with this.

Marvin Rhoads Sun, 11/09/2014 - 06:36

So in the situation you described the second Internet connection would go to the 3825 router. There you would let the routing protocol (e.g. BGP) dynamically choose the best path based on the configured BGP metrics. This would depend on taking a full routing table and not simply a default route.

You could also optionally use a more advanced feature like Performance Routing (PfR) in the 3825.

In either case, the ASA would have a default route to the 3825 and not have any part in making the choice between path A and path B.
