topic ASA Load Sharing to Single ISP in Network Security https://community.cisco.com/t5/network-security/asa-load-sharing-to-single-isp/m-p/1332391#M819345 <P>Hi all,</P><P>I have read through countless posts on my question and have gleaned a lot of information from them.</P><P></P><P>My scenario is this.</P><P></P><P>We have a 6500 core connected to two ASA's in active/standby mode. The ASAs are connected to two 3550 switches which are providing BGP pairing with each other and our ISPs Internet links, both 1Gb/s one to each switch, running as primary/backup. The ASA has a default route to the HSRP address shared by the switches.</P><P>We have cause to allocate a subnet from our range to a third party temporarily. I would like to route this subnet through the backup link (outgoing and incoming)</P><P>I can configure BGP to route accordingly, but this will only apply for incoming traffic.</P><P>I could put a route-map on on of the 3550's to reroute traffic based on source ip to use the other switch/backup link, but this will waste bandwidth on the switch interface.</P><P>Any other ideas how I can push one subnet out of one switch, and the rest through the other?</P><P></P><P>Many thanks for reading,</P><P>Phil.</P> Mon, 11 Mar 2019 16:07:31 GMT isa-aston-03 2019-03-11T16:07:31Z ASA Load Sharing to Single ISP https://community.cisco.com/t5/network-security/asa-load-sharing-to-single-isp/m-p/1332391#M819345 <P>Hi all,</P><P>I have read through countless posts on my question and have gleaned a lot of information from them.</P><P></P><P>My scenario is this.</P><P></P><P>We have a 6500 core connected to two ASA's in active/standby mode. The ASAs are connected to two 3550 switches which are providing BGP pairing with each other and our ISPs Internet links, both 1Gb/s one to each switch, running as primary/backup. The ASA has a default route to the HSRP address shared by the switches.</P><P>We have cause to allocate a subnet from our range to a third party temporarily. I would like to route this subnet through the backup link (outgoing and incoming)</P><P>I can configure BGP to route accordingly, but this will only apply for incoming traffic.</P><P>I could put a route-map on on of the 3550's to reroute traffic based on source ip to use the other switch/backup link, but this will waste bandwidth on the switch interface.</P><P>Any other ideas how I can push one subnet out of one switch, and the rest through the other?</P><P></P><P>Many thanks for reading,</P><P>Phil.</P> Mon, 11 Mar 2019 16:07:31 GMT https://community.cisco.com/t5/network-security/asa-load-sharing-to-single-isp/m-p/1332391#M819345 isa-aston-03 2019-03-11T16:07:31Z Re: ASA Load Sharing to Single ISP https://community.cisco.com/t5/network-security/asa-load-sharing-to-single-isp/m-p/1332392#M819360 <HTML><HEAD></HEAD><BODY><P>You could use the weight attribute in BGP to influence that route to go out the backup circuit. You will have to configure it using a route map so only the specific route gets weighted. I think a static route would work too. Since the ASA does not support PBR, I don't think it's possible there.</P><P></P><P></P><P></P></BODY></HTML> Wed, 19 Aug 2009 12:19:29 GMT https://community.cisco.com/t5/network-security/asa-load-sharing-to-single-isp/m-p/1332392#M819360 Collin Clark 2009-08-19T12:19:29Z