https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501311#M134449 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply Jason. This is actually the first time that I've heard of this Traffic Zones. May need to lab this up.</P></BODY></HTML> Fri, 30 Jun 2017 09:32:47 GMT santiago.jem 2017-06-30T09:32:47Z https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501309#M134447 <HTML><HEAD></HEAD><BODY><P>Hello experts, </P><P></P><P>Good day! </P><P>I have this device, Cisco ASA 5515 with version ASA 9.5(2)2</P><P></P><P>Can we do a load-sharing on our internet bound traffic with 2 internet circuit coming from 2 different ISP?</P><P>What we plan to do:</P><P></P><P>1. Users on VLAN10 will route through ISP1 - if ISP1 goes down, traffic will route to ISP2.</P><P>2. Users on VLAN 20 will route through ISP2 - if ISP2 goes down, traffic will route to ISP1.</P><P></P><P>I understand that VLAN10 to be routed to ISP1 and VLAN20 to be routed to ISP2 can be done through route-maps with 2 sequence numbers.</P><P>It is when the links fails and moves traffic to the other link where things get a bit complicated.</P><P></P><P>Is this even possible?</P><P></P><P>Thank you.</P></BODY></HTML> Thu, 29 Jun 2017 11:23:15 GMT https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501309#M134447 santiago.jem 2017-06-29T11:23:15Z https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501310#M134448 <HTML><HEAD></HEAD><BODY><P>I'd probably just use load sharing using zones and ignore the vlans unless there is a business reason to do so:</P><P></P><P></P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html#pgfId-1068427" style="font-size: 10pt;" title="http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html#pgfId-1068427">CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.3 - Traffic Zones [Cisco ASA 5500-X Series Fi…</A></P><P></P><P>But what you want to do is possible.&nbsp; Check the 'verify availability' portion of this link:</P><P></P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf" style="font-size: 10pt;" title="http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf">http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-bas…</A></P><P></P><P>From the doc:</P><P></P><P>Verify if the next IPv4 hops of a route map are available:</P><P>set ip next-hop verify-availability next-hop-address sequence_number track object</P><P></P><P>You can configure an SLA monitor tracking object to verify the reachability of the next-hop. To verify the availability of multiple next-hops, multiple set ip next-hop verify-availability commands can be configured with different sequence numbers and different tracking objects.</P></BODY></HTML> Thu, 29 Jun 2017 14:00:57 GMT https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501310#M134448 Jason Gervia 2017-06-29T14:00:57Z https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501311#M134449 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply Jason. This is actually the first time that I've heard of this Traffic Zones. May need to lab this up.</P></BODY></HTML> Fri, 30 Jun 2017 09:32:47 GMT https://community.cisco.com/t5/network-security/load-sharing-for-cisco-asa/m-p/3501311#M134449 santiago.jem 2017-06-30T09:32:47Z