Outbound load balancing works fine via eBGP and Provider Independent IPs. All good.
But my plan to load balance inbound traffic is not working out. I was relying on the outside interface of the Standby ASA to go down when the firewall was in standby mode. This would prevent the directly connected WAN switch from injecting the ASA subnet into OSPF, but the interface stays up/up.
Even without standby IPs on the outside interface, it stays up/up on the standby ASA. This means both my WAN switches are advertising the same IP range to each WAN router, but only one firewall is ever going to pass the traffic.
Thought about OSPF filtering to make it work, but that seems like a dead end too.
Maybe I could scrap OSPF and use IP SLA to ping a unique IP on the active ASA, such as the failover link. If the ping fails, then remove the best static route to the active ASA and fall back to a second static route to the other ASA.
PS NAT is done on the firewalls, so I've currently split the /24 PI IPs in half. Half for the outside infrastructure and half for the NATing on the ASA outside interface.
PPS There are two WAN routers, two WAN switches and obviously the two firewalls.