Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

backup and load balancing solution problem

hello experts, my firewall has to wan interfaces wan1 and wan2, each one connected to a dsl router. and i configured the rules on the pix firewall to allow outgoing traffic from the lan out wan1 and wan2 but i discovered that wan1 only can connect the lan to the internet and when i tried that on wan2 i found no internet and after checking the logging, i found these messeges concerning wan2 interface:







i appretiat quick reply, because this is a critecal issue at my customer, thanks alot

  • Firewalling
Cisco Employee

Re: backup and load balancing solution problem

I am trying to answer this at the middle of my work as you mentioned this is very critical at your end...

Pix being a security device does not support two default routes

with same metric on it. Yes, you can put two default route with fidderent metric as


route outside 0 0 (T1 router IP) 1

route OUT2 0 0 (fiber router IP) 2

But this would not accomplish our goal as this would be a good scenario for a backup

gateway (just incase if 1st one goes down). Again, here we need to note that if the pix

sees the outside interface has line protocol down, then it would start routing the traffic

to the OUT2 (fiber) interface. This is a scenarion for backup link.

What you are trying to accomplish is again neither constructing a Backup Link nor exactly

a load balancing between two links but something called as policy based routing (PBR)

which is routing based on source packets which pix does not support however, to accomplish

this goal, we need to implement such scenario/topology:




Now with this topology, we can send all the traffic to router (pix default gateway) and

let router do PBR of sending packets to ISP1 or ISP2 based on source ip address.

hope this helps !

New Member

Re: backup and load balancing solution problem

thanks for your reply, but u mean that i cant do load balancing or backup solutions on pix or asa firewall, and i can do that on the router to the two ISPs, right?

Cisco Employee

Re: backup and load balancing solution problem

yes you cannot do load balancing on ASAs/Pixes

You can definitely configure ISP fallback/Redundancy on ASAs/Pixes