Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
625
Views
0
Helpful
1
Replies

ASA - External Interface / BGP

Go to solution
trippi
Level 1
Level 1

‎03-01-2010 03:14 PM - edited ‎03-04-2019 07:39 AM

I have attached my network diagram in a pdf.

My ASA is configured with two outside interfaces

One to each ISP.
Each ISP router is getting a default route from provider.

I am currently using HSRP between the two routers on the inside interface on BVI interfaces of the routers.

I have a static default route configured on the ASA for ISP #1 HSRP's address.

I have IBGP running between the two routers.

I have a local weight preference on each router to take its own ISP out.

I want to utilize ISP #2 more and have created a few static default routes out that HSRP address.

Should I do away with one of the outside interfaces on the ASA?

What is the best way to handle the routing on the outside of the ASA?

Labels:
Preview file
51 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-05-2010 01:31 AM

Hello Trippi,

>> My ASA is configured with two outside interfaces

this can be a problem. ASA can perform load balancing towards different next-hops that are out the SAME interface.

The ASA is a FW first, so the outgoing interface is chosen by the FW xlate according to its configuration.

see

>> Load sharing on the adaptive security appliance is  possible only for multiple next-hops available using single egress  interface.  Load sharing cannot share multiple egress interfaces.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/route_overview.html#wp1095679

I would suggest you to review your design in order to have a single outside interface to reach both  routers

Hope to help

Giuseppe

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-05-2010 01:31 AM

Hello Trippi,

>> My ASA is configured with two outside interfaces

this can be a problem. ASA can perform load balancing towards different next-hops that are out the SAME interface.

The ASA is a FW first, so the outgoing interface is chosen by the FW xlate according to its configuration.

see

>> Load sharing on the adaptive security appliance is  possible only for multiple next-hops available using single egress  interface.  Load sharing cannot share multiple egress interfaces.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/route_overview.html#wp1095679

I would suggest you to review your design in order to have a single outside interface to reach both  routers

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card