ASA 5505-X Firewall multiple ISPs load balancing

Moudi
Level 1

Hello,

I have 3 ISPs coming into my ASA 5505-X.

One of them is already configured by the previous sysadmin; I have never touched the configuration and I'm afraid of doing something that may affect it.

I would like to configure the additional two for load balancing, not application specific but just 33/33/33 user split, but have no idea where to start with the current configuration.

Current running config:

https://pastebin.com/0TMwQhdr

What can be done here?

9 Replies

Sheraz.Salim
VIP Alumni

I noted you have one outside interface (gig1/1) with a public address. However, there is no other interface used as outside.

I believe you mean you will connect the remaining outside (ISP cables) to this firewall. Is my understanding correct?

I don't think you can load balance the 3 outside interfaces. However, you can create an IP SLA. If one link goes down, the other will kick in.

Please do not forget to rate.

Yea, the other ISPs are coming in on Gb ports 2 and 3, which are not yet configured; that's what I need help with.

I am looking to go for load balancing and not just a failsafe mechanism.

mkazam001
Level 3

link below may be helpful:

https://community.cisco.com/t5/security-documents/loadbalancing-dual-isp-on-asa/ta-p/3127108

regards, mk

please rate if helpful :)

Thanks, very helpful.
Please do not forget to rate.

Hello Mkazam :)

Thank you for the URL, that was the top result I ran into; however I am unsure how to implement it with my current setup, which is why I'm here for help :(

I don't think you can do LB, as Sheraz suggested you can use IP SLA - where you will have more than 1 default route with different ADs - if the primary link goes down, that route will be removed from the routing table & the next route will appear pointing to your secondary path next hop.

You could share traffic load by implementing policy based routing - with this config you can set the next hop for traffic based on the source destination.

Regards, mk

Please rate if helpful :)
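
The two approaches described in the reply above (tracked default routes with different administrative distances, plus policy based routing to share load by source), as an added ASA CLI sketch that is not from any participant in this thread. The running config behind the pastebin link is not on this page, so the `isp2` interface name, the inside subnet, the names `PBR-ISP2` and `SPLIT`, and all addresses (RFC 5737 documentation ranges) are assumptions; it also assumes an ASA release that supports `policy-route`.

```cisco
! Constructed example: every name and address below is a placeholder.
! Second ISP on the second Gb port (nameif "isp2" is an assumption).
interface GigabitEthernet1/2
 nameif isp2
 security-level 0
 ip address 198.51.100.2 255.255.255.0
 no shutdown
!
! IP SLA probe: ping the primary ISP gateway through the existing outside link.
sla monitor 10
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
 frequency 10
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
!
! Primary default route (AD 1) stays installed only while track 1 is up.
! This replaces the existing untracked default route on outside.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
! Floating default route (AD 254) takes over when the tracked route is removed.
route isp2 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! Policy based routing: send one inside subnet out through isp2.
access-list PBR-ISP2 extended permit ip 10.0.2.0 255.255.255.0 any
route-map SPLIT permit 10
 match ip address PBR-ISP2
 set ip next-hop 198.51.100.1
!
! Apply the route-map to traffic entering the inside interface.
interface GigabitEthernet1/4
 policy-route route-map SPLIT
!
! Traffic leaving via isp2 needs its own translation to that interface address.
nat (inside,isp2) after-auto source dynamic any interface
```

`show track 1` and `show route` confirm which default route is installed; `show policy-route` lists the interface binding. Outbound access rules and inspection apply to the new interface exactly as they do to `outside`, so review them before moving users onto it.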

That makes sense, yea.

Thank you friend, I'm going to look into another piece of hardware to satisfy the load balancing instead.

happy to help!!

regards, mk

Hi,

You can use Zone based routing to do load balancing. Please check the link below for more information.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html#pgfId-1066228

Regards,

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB