Re: Dual ISP HA firewall

jeffrey.c · ‎07-02-2006

Hi,

Anyone got any idea on how to acheive

dual ISP, dual firewall (HA).

I need design a network the uses 2 ASA 5520, and load balance between 2 different ISP.

I have seen the sample configuration for two ISP but active and standby.

I need both the firewall and ISP to loadbalanced. Wonder anyone has push this to the limited ?

grant.maynard · ‎07-03-2006

BGP is the only way I can think of. A single IP range advertised both by ISPs.

Fernando_Meza · ‎07-03-2006

I hope it helps .. please rate it if it does !!!

anand1871 · ‎07-03-2006

well that can be done only for outbound loadbalancing...i.e. traffic going out of the network.....

palomoj · ‎07-03-2006

I do not believe you can achieve load balancing between 2 ISP's because of how BGP works. You can achieve redundancy in the event your primary ISP connection goes down via BGP and HSRP. The following links should help you with that information.

http://www.cisco.com/en/US/customer/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml

http://www.cisco.com/en/US/customer/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf5

http://www.cisco.com/en/US/customer/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml

HTH

anand1871 · ‎07-03-2006

wat u will have to do is....

lets say we have two vlans (10,20) and two ISPs (1 and 2)

We can use the two firewalls either in active/satndby mode or

We will nat all user on vlan 10 to isp 1 public IP

And Vlan 20 users to isp2 public IP...

both the isps will be connectd to a single router...

this router will have policy based routing (pbr) defining that traffic from any IP ISP1 will be sent to isp1 and isp2 to isp2..

this would provide us witg basic kind of loadbalancing..

hope that helps...