cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
880
Views
0
Helpful
5
Replies

ASA- Internet Redundancy

estelamathew
Level 2
Level 2

Hello Dear's,

Pls find the attached

Suggest me how the packets will flow towards both routers by ASA (OUTBOUND TRAFFIC) ???? and how can i get the redundancy and load sharing for both the Internet router,if 1 fails the another should be responsible to route packets.

I WANT REDANDANCY AS WELL AS LOAD SHARING.

Thanks.

2 Accepted Solutions

Accepted Solutions

andhingr
Cisco Employee
Cisco Employee

ASA does not support load sharing or load balancing with multiple ISP but you can have redundency. Here is the link for sample config

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

View solution in original post

Estela,

I do not have visio on this computer so, I can't open this.  When you attach pictures in the future pls. use .png, .jpg or something common that people will have installed on their computer by default.  Not many people have viso or visio reader installed.

Coming to your question.  Yes that is correct packets will be blanced between 3 routes out the same interface.

Yes you are correct. If you try to add a default route out any other interface you will get an error.

ASA(config)# route inside 0 0 10.10.10.1
ERROR: Cannot add route entry, conflict with existing routes

-KS

View solution in original post

5 Replies 5

andhingr
Cisco Employee
Cisco Employee

ASA does not support load sharing or load balancing with multiple ISP but you can have redundency. Here is the link for sample config

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Hello Anil,

I was aware of this design that u have proposed in a link, the things what i want to clear is suppose i have specified a 2 default route with same AD on ASA pointing to 2 internet routers with all in same subnet (outside interface,router-1,and router-2) than how the traffic will flow from ASA it will be a

per packet or per destination???

I m concern abt the traffic that ASA will push toward routers, which router ASA will prefer router-1 OR router-2 ?????.

Thanks.

You can have upto 3 default routes pointing out the SAME interface.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/route_static.html#wp1121567

You can define up to three equal cost default route entries per device. Defining more than one equal cost default route entry causes the traffic sent to the default route to be distributed among the specified gateways. When defining more than one default route, you must specify the same interface for each entry.

ECMP (Equal Cost Mutiple Path) - ECMP uses a hash of the source and destination IP to load balance.

-KS

Hello Kusankar,

  just i wanted to know the traffic flow,and u confirmed me in ur below mail by the word distributed,that means the attached diagram will have no problem to send traffic among multiple gateways as firewall will distribute among gateways. Please correct me if i m wrong???

"Defining more than one equal cost default route  entry causes the traffic sent to the default route to be distributed among the specified gateways"

What written below is correct ????

route outside 0 0 10.10.10.1

route outside 0 0 10.10.10.2

route outside 0 0 10.10.10.3

It will accept these above three route's and it it will distribute traffic according to itself ???  correct me i m wrong.

BUT

route ISP-2 0 0 11.11.11.1

The above route will give me error.Correct me i m wrong.

Thanks

Estela,

I do not have visio on this computer so, I can't open this.  When you attach pictures in the future pls. use .png, .jpg or something common that people will have installed on their computer by default.  Not many people have viso or visio reader installed.

Coming to your question.  Yes that is correct packets will be blanced between 3 routes out the same interface.

Yes you are correct. If you try to add a default route out any other interface you will get an error.

ASA(config)# route inside 0 0 10.10.10.1
ERROR: Cannot add route entry, conflict with existing routes

-KS

Review Cisco Networking for a $25 gift card