Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

2 ISP Link

Hi

Can we terminate 2 Internet link on ASA and get loadbalancing  + failover setup

Loadbalancing -  send http,https traffic on Link A  and other traffic on Link B

Failover  - If Link A fails then all traffic reroutes to Link B and vice-versa

Thanks

Anthony

1 REPLY

2 ISP Link

Hello Anthony,

As you migth know PBR is not supported on ASAs but there are some work-arounds to do it ( CISCO does not support it officialy) that could work.

The failover will be done by using SLA monitoring:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

For the PBR ( Send http and https on one link)

route ISP1 0 0 1.1.1.2 // Default route pointing to ISP1

route ISP2 0 0 2.2.2.2  2  // Default route with Metric 2 via ISP2

static (ISP2,inside) tcp 0.0.0.0 80 0.0.0.0 80

static (ISP2,inside) tcp 0.0.0.0 443 0.0.0.0 443

sysopt noproxyarp inside // important, otherwise it will cause routing issues as the ASA will start sending proxy-arps for all hosts on the inside.

nat (inside) 1 0 0

global (ISP1) 1 interface

global (ISP2) 1 interface

Do rate helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
236
Views
0
Helpful
1
Replies
CreatePlease to create content