Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA TO ASA: Load Balancing over VPN and lease line

Hi

I have 2 ASA 5510 firewalls on each site lets say ASA-1 on first site and the ASA-2 on the second site.

ASA-1 has the LAN subnet 10.1.0.0/16 and the ASA-2 has the LAN subnet 10.2.0.0/16.

The 2 ASA's are connected through the lease line which has the cisco routers at each end. leaseline routers are in the LAN subnet.

I have successfully managed to provide the redundacy through VPN if the lease line goes down by using static routes with metric 1 via lease line using tracking and metric 2 via vpn.

Now I want to do the loadbalancing on these 2 links. e.g if the protocol is http then use the vpn and for all other traffic use the lease line. Is there is any way i can do that on these firewalls?

  • Other Security Subjects
2 REPLIES

Re: ASA TO ASA: Load Balancing over VPN and lease line

this can basicaly be achived via PBR policy based routing, but unfortunatly the feature not supported on cisco firewalls

but as i was reading through

i came acroos and idea

if u have servers on the remote site

u can make static nating for those servers

lets say u have web server make static nat for it

and then on ur asa add explicit route to that ip so in this case u gonna make all traffic to the web server through one interface and all other traffic through other intrface with the same stratigy u are useing multiple static route

jus an idea

good luck

please, if helpful rate

New Member

Re: ASA TO ASA: Load Balancing over VPN and lease line

in this case, i will lose the redundancy. Secondly i have the big infrastructure with the centralized domain controllers, dns but local dhcp servers. different ip will create a lot of problems for the domain integration. Any other helpfull suggestion? Anways thanks for the reply. looking forward for another solution.

111
Views
0
Helpful
2
Replies
This widget could not be displayed.