Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Load Balancing between two ISP Links including VPN Traffic.

Hello Experts:

We have Cisco ASA 5505 being used for our office and there are two ISP links where-on we configured first ISP link as a primary link and second connection for failover but second link is useless as firewall doesn’t support load balancing between the links.

There are around 10 sites are connected through VPN which are configured with primary link. I tried to configure the STS Tunnel on secondary link so that if primary link goes fail then the remote sites which are configured on STS Tunnel to be accessible by second ISP link but we can’t allow the same as well and internet will only work when the primary link goes down.

Now, we are planning to put the other device/appliance so that two bandwidths share the traffic and are fully redundant and I supposed Juniper firewall supports the same, if yes then pls. advice to go with that. I would also ask from experts if there is another alternative solution they would suggest for that.


Vinay Gupta


Re: Load Balancing between two ISP Links including VPN Traffic.

The ASA as you mentioned will not load balance traffic between internet links.

The ASA can do some load balancing if configured in multiple context mode (but it will not support VPN and has other limitations as well).

If you place a router, then the router can load balance the traffic and depending on the IOS can handle the VPNs as well.


Cisco Employee

Re: Load Balancing between two ISP Links including VPN Traffic.

As we see this question posted on our forum quite often, I wrote this document that we can refer people to.


CreatePlease to create content