Cisco Support Community
Community Member

ASA- Internet Redundancy

Hello Dears,

Please find the attached.

Please suggest how the packets will flow towards both routers from the ASA (OUTBOUND TRAFFIC), and how can I get redundancy and load sharing for both Internet routers? If one fails, the other should be responsible for routing packets.

I WANT REDUNDANCY AS WELL AS LOAD SHARING.

Thanks.

5 REPLIES
Cisco Employee

Re: ASA- Internet Redundancy

ASA does not support load sharing or load balancing with multiple ISPs, but you can have redundancy. Here is the link for a sample config:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Community Member

Re: ASA- Internet Redundancy

Hello Anil,

I was aware of the design that you proposed in the link. What I want to clarify is this: suppose I have specified 2 default routes with the same AD on the ASA, pointing to 2 Internet routers, all in the same subnet (outside interface, router-1, and router-2). How will the traffic flow from the ASA then? Will it be per packet or per destination?

I am concerned about the traffic that the ASA will push toward the routers. Which router will the ASA prefer, router-1 or router-2?

Thanks.

Cisco Employee

Re: ASA- Internet Redundancy

You can have up to 3 default routes pointing out the SAME interface.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/route_static.html#wp1121567

You can define up to three equal cost default route entries per device. Defining more than one equal cost default route entry causes the traffic sent to the default route to be distributed among the specified gateways. When defining more than one default route, you must specify the same interface for each entry.

ECMP (Equal Cost Multiple Path) - ECMP uses a hash of the source and destination IP to load balance.

-KS
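Added example, not part of the original thread and not Cisco code: a Python sketch of what hashing on source and destination IP implies for the "per packet or per destination" question, namely that a given address pair always uses the same gateway. SHA-256, the function names and the sample addresses are assumptions; the thread does not describe the ASA's actual hash.

```python
import hashlib
import ipaddress
from collections import Counter

# Next hops of the three equal-cost default routes discussed in the thread.
GATEWAYS = ["10.10.10.1", "10.10.10.2", "10.10.10.3"]


def pick_gateway(src, dst, gateways=GATEWAYS):
    """Choose a next hop from a hash of (source IP, destination IP).

    Assumption: SHA-256 stands in for the ASA's internal hash. Only the
    property matters here: same address pair in, same gateway out.
    """
    if not gateways:
        raise ValueError("no default route available")
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    digest = hashlib.sha256(key).digest()
    return gateways[int.from_bytes(digest[:4], "big") % len(gateways)]


def distribution(flows, gateways=GATEWAYS):
    """Count how many (src, dst) pairs land on each gateway."""
    return Counter(pick_gateway(s, d, gateways) for s, d in flows)


# Constructed sample traffic: 30 inside hosts talking to 20 outside hosts.
FLOWS = [(f"192.168.1.{h}", f"198.51.100.{d}")
         for h in range(1, 31) for d in range(1, 21)]

if __name__ == "__main__":
    # Every packet of one pair takes the same path, so this is not per packet.
    pair = ("192.168.1.10", "198.51.100.7")
    print("pair", pair, "->", {pick_gateway(*pair) for _ in range(5)})

    # Across many pairs the load spreads over all three gateways.
    print("three routes:", dict(distribution(FLOWS)))

    # Model of one route being removed: pairs re-hash onto the remaining two.
    remaining = GATEWAYS[:2]
    moved = sum(pick_gateway(s, d) != pick_gateway(s, d, remaining)
                for s, d in FLOWS)
    print("two routes:", dict(distribution(FLOWS, remaining)))
    print("pairs that changed gateway:", moved, "of", len(FLOWS))
```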

Community Member

Re: ASA- Internet Redundancy

Hello Kusankar,

I just wanted to know the traffic flow, and you confirmed it in your mail below with the word "distributed". That means the attached diagram will have no problem sending traffic among multiple gateways, as the firewall will distribute it among the gateways. Please correct me if I am wrong.

"Defining more than one equal cost default route  entry causes the traffic sent to the default route to be distributed among the specified gateways"

Is what is written below correct?

route outside 0 0 10.10.10.1

route outside 0 0 10.10.10.2

route outside 0 0 10.10.10.3

It will accept the above three routes and it will distribute traffic by itself? Correct me if I am wrong.

BUT

route ISP-2 0 0 11.11.11.1

The above route will give me an error. Correct me if I am wrong.

Thanks

Cisco Employee

Re: ASA- Internet Redundancy

Estela,

I do not have Visio on this computer, so I can't open this. When you attach pictures in the future, please use .png, .jpg or something common that people will have installed on their computer by default. Not many people have Visio or a Visio reader installed.

Coming to your question: yes, that is correct, packets will be balanced between 3 routes out the same interface.

Yes you are correct. If you try to add a default route out any other interface you will get an error.

ASA(config)# route inside 0 0 10.10.10.1
ERROR: Cannot add route entry, conflict with existing routes

-KS
