Cisco Support Community
Community Member

Load balancing with ASA and incoming connections


We have an ASA5510 connected from one outside interface to three ADSL routers through a switch, all of them in the same subnet. As far as I know, adding three default routes pointing to the IP addresses of these routers will make the ASA try to load balance outgoing traffic.

We have remote users connecting to a server using remote desktop, so I have forwarded port 3389 from all routers to the ASA and from the ASA to the server’s IP. If I configure only one default route to any of the routers, remote users can connect using that router. If I enable all three default routes, users cannot connect through any router. I am guessing this is because the ASA sends traffic back to the remote user through another router, due to load balancing. Is there a way to make it work?

Community Member

Re: Load balancing with ASA and incoming connections

I have never seen a deployment where you give 3 different default routes.  Someone may have gotten it to work, but normally what will happen is what you are experiencing.  If you ran a packet sniffer this is what I would expect to see.

Packet 1 goes out ROUTERA

Packet 2 goes out ROUTERB

Packet 3 goes out ROUTERC

If packet was session then it would work, but since all three of those packets need to reassemble on the other side, they will not be able to because they won't match, and thus traffic will constantly break down and fail.  Even if some traffic goes through, not all traffic will work.

Traditionally what you need to do is configure a single IP address that then load balances the 3 other IP addresses.  I do not believe the ASA has a load balance feature.  To be sure, I did a search and found this post with a Cisco employee stating that the ASAs do not have load balancing.

Sorry to be the bearer of bad news.

Community Member

Re: Load balancing with ASA and incoming connections

Thanks for the quick reply. So is there any way I can use all three routers with the ASA, while remote users can still use remote desktop? We also have a spare Cisco 876W router. Can I use it for load balancing if I add it between the ASA and the three routers?
