06-25-2008 01:11 PM
Dear Folks,
I'd like to load balance 2 ASAs using 3 ACEs [inside, outside, dmz network zones].
I've seen sample configurations; all of them are running the ACE in route mode, and the ASAs are running in route mode.
Would it be possible to run the ACE in bridge mode, because of the IP subnetting problem? We don't have enough to split.
By the way, if possible, for all servers installed behind the ACE, what default gateway should the servers point to [in our case we have 2 independent firewalls]? Should I create a VIP for both firewalls, or should I just simply set the servers' gateway to the BVI interface?
Please help. Thanks.
06-25-2008 01:15 PM
06-25-2008 09:58 PM
If you have the ACE devices in bridge mode, traffic from the servers will be bridged and not load-balanced to the firewall.
That does not really make sense.
You need the ACE devices in router mode so you can set your default gateway pointing to ACE and then ACE can loadbalance the request to the firewall.
You can use private subnets (10.x.x.x or 192.168.x.x) for addressing the different components - ACE && ASA.
Gilles.
06-25-2008 10:29 PM
Thank you very much, Gilles.
You're the man. ;-)
Another question: in my case I am trying to load balance 3-interface firewalls [inside, outside, dmz]. In order to make the packet return through the same firewall it passed earlier,
what kind of hashing technique do I need to use, and do I need to use the mac sticky command?
I tried to find some configuration samples on the Cisco website, but I only found ones with only 2 interfaces, with the ACE running source hash and destination hash at each end.
Thank you very much.