Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Load Balancing PIX

Hi All,

we have the following scenario. 2 Firewall Active/Standby are facing 2 routers configured with HSRP.

is it possible in order to achieve LOAD Balancing for certain destination traffic to have 2 static routes having same AD but different next hop ? ( each route pointing to different physical IP address of the router and not to the virtual IP address ).

thanks in advance.

  • Firewalling
7 REPLIES

Re: Load Balancing PIX

In your case Firewall is in active/standby so at any point of time only one box is forwarding traffic.

New Member

Re: Load Balancing PIX

yes this is true but my goal is to achieve the Load Balacing via 2 ISP connected each one to the external border router ? can I achieve this by using the above approach ? what's the recommendation ?

Re: Load Balancing PIX

You can achieve link level redundancy not load balance in your current setup.

Run BGP between your routers and the PE routers. And also an IGP protocol running between your gateway routers.

For acheiving load balancing between your links, you may run GLBP instead of HSRP on your gateway routers. EBGP between your routers and the PE routers. And also an IGP protocol running between your gateway routers.

May be other Gurus here, will give you better suggesstions :)

New Member

Re: Load Balancing PIX

just to make sure that i got ur point. i need to use GLBP with the combination of eBGP and the IGP on the border routers?

Re: Load Balancing PIX

yes, you got it.

Few more additions to this I can think of -

- tell your ISP to advertise a default route on both your links via EBGP.

- you will need to configure BGP MED on your gateway routers while advertising your IP subnets to the PE.

Good Luck.

Also you can refer to this link.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#diag3

New Member

Re: Load Balancing PIX

Hi,

Though ASA?PIX do not support load balancing or packet shaping but lets say you have 2 ISP's, the traffic can be divided based on the routes you apply on the firewall

a simple example would be

route outside 0.0.0.0 128.0.0.0 x.x.x.x

route outside 128.0.0.0 128.0.0.0 y.y.y.y

here x.x.x.x will be your ISP1 and y.y.y.y will be the ISP2

this way the traffic can be divided between the 2 ISP's however this is just a workaround and is not a complete load balancing solution.

Though Load balancing can be configured on Cisco routers but it is not a supported feature on ASA/PIX firewall.

Let me know if you have any other questions

Cisco Employee

Re: Load Balancing PIX

If you decide to do this, I would suggest to combine it with route tracking.

cfr. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

In the example given by the previous poster, you can make one router primary for 0.0.0.0/1 and backup for 128.0.0.0/1, and vice versa.

113
Views
8
Helpful
7
Replies
This widget could not be displayed.