Cisco Support Community
New Member

Firewall Load Balance using bridged mode ACE

Dear Folks,

I'd like to load balance 2 ASAs using 3 ACEs [inside, outside, DMZ network zones].

I've seen sample configurations; all of them run the ACE in route mode, and the ASAs are running in route mode.

Would it be possible to run the ACE in bridge mode? Because of the IP subnetting problem, we don't have enough to split.

By the way, if possible, for all servers installed behind the ACE, what default gateway should the servers point to [in our case we have 2 independent firewalls]? Should I create a VIP for both firewalls, or should I simply set the servers' gateway to the BVI interface?

Please help. Thanks.

3 REPLIES
New Member

Re: Firewall Load Balance using bridged mode ACE

For your information, here is the network diagram.

Please help. Thanks.

Cisco Employee

Re: Firewall Load Balance using bridged mode ACE

If you have the ACE devices in bridge mode, traffic from the servers will be bridged and not load-balanced to the firewall.

That does not really make sense.

You need the ACE devices in router mode so you can set your default gateway pointing to ACE and then ACE can load balance the request to the firewall.

You can use private subnets (10.x.x.x or 192.168.x.x) for addressing the different components - ACE && ASA.

Gilles.

New Member

Re: Firewall Load Balance using bridged mode ACE

Thank you very much Gilles,

You're the man. ;-)

Another question: in my case I am trying to load balance 3-interface firewalls [inside, outside, dmz], in order to make the packet return through the same firewall it passed earlier.

What kind of hashing technique do I need to use, and do I need to use the mac sticky command?

I tried to find some configuration samples on the Cisco website, but I only found ones with only 2 interfaces, with the ACE running source hash and destination hash at each end.

Thank you very much.
