Load Balancing using Virtual IP on DMZ interface of 5520 ASA

Pratik Prajapati — Mon, 11 Mar 2019 22:33:45 GMT

We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.

The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3

These IPs are going to be NATted to all inside IPs.

Lets say our outside IP is X.X.X.X

This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary.

When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.

I need configuration assistance with that.

Load Balancing using Virtual IP on DMZ interface of 5520 ASA

mirober2 — Wed, 29 Feb 2012 20:50:14 GMT

Hi Pratik,

The ASA does not support having 1 global/translated IP address on the outside mapped to multiple local/real IP addresses on the DMZ. If it did, the ASA would have no way of deciding if traffic destined to X.X.X.X is really meant for 10.15.1.2 or 10.15.1.3. For this scenario, you should use a dedicated load balancer or a router that supports policy-based routing.

-Mike

topic Load Balancing using Virtual IP on DMZ interface of 5520 ASA in Network Security

Load Balancing using Virtual IP on DMZ interface of 5520 ASA

Load Balancing using Virtual IP on DMZ interface of 5520 ASA