Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

For Cisco Security processional

I have new internet connection line and i want to connect it with the primary internet connection through ASA 5510 ver 9.1

Kindly i need ideas

the first line is  working fine and want to implement the second line for load sharing purpose

 

Regards

 

5 REPLIES
Hall of Fame Super Silver

Cisco ASA firewalls do not

Cisco ASA firewalls do not support dynamic load sharing via multiple interfaces.

You can setup one to be a backup for the other but for true load sharing you need a router that terminates both lines and uses mechanisms like policy-based routing or BGP with full route tables to make decisions based on things like best path to a given destination.

Community Member

HI Mr.Marvinyou are right ASA

HI Mr.Marvin

you are right ASA firewall not supporting load sharing ,

I like to tell you the whole situation :-

I have internet line through cisco router 3825 connected to ASA 5510 ver 9.1 then ( the ASA Inside Connected to untrusted interface Palo Alto Firewall then the trusted interface palo alto connected to core swithc 4506 E and to the inside network)

so , i have new internet line and i want to use the two lines at the same time between users with the same network design,,

 

please help about this  

Cisco Employee

Hi,I think this should answer

Hi,

I think this should answer your query:-

https://supportforums.cisco.com/document/49756/asapix-load-balancing-between-two-isp-options

Thanks and Regards,

Vibhor Amrodia

 

Community Member

thanks Vibhor ,,, but it is

thanks Vibhor ,,,

 

but it is not helping

 

Hall of Fame Super Silver

So in the situation you

So in the situation you described the second Internet connection would go to the 3825 router. There you would let the routing protocol (e.g. BGP) dynamically choose the best path based on the configured BGP metrics. This would depend on taking a full routing table and not simply a default route.

You could also optionally use a more advanced feature like Performance Routing (PfR) in the 3825.

In either case, the ASA would have a default route to the 3825 and not have any part in making the choice between path A and path B.

92
Views
0
Helpful
5
Replies
CreatePlease to create content