Cisco ASA 5508-x Fail-over

NetzKing
Level 1

Hi Team,

I have two ASAs in Active/Standby, but they support Active/Active. My two Internet leased lines are directly connected to both ASAs from an L2 switch, and in the LAN I have only a single network. In this case I just want to use both ISPs simultaneously to load balance Internet traffic. How can I do this? Do I need to configure a route map? Or how can I configure both ASAs in an Active/Active cluster?

Accepted Solutions

mvsheik123
Level 7

Hi,

In addition to the suggestions from the experts, check the posting below. Both options are addressed clearly by experts, with doc links.

https://supportforums.cisco.com/t5/firewalling/active-active-or-active-standby/td-p/1993940

hth

MS


5 Replies

mbilgrav
Level 3
As such, this is not a fail-over question.
I think your issue, and question, is around the routing towards the internet. Normally on an ASA you would have one default route (0.0.0.0) towards the internet, and in cases with dual ISPs, you are limited to whatever options the ISP has. For example, a single ISP can provide options for protected circuits etc. If you have two different ISPs, then your option would be to install router(s) in front of the ASA and use BGP peering with your ISPs to obtain internet routing; that way you can get rid of the default route issue, as BGP will route for you.
One ASA option is to use tracking, and then based on action, change routes within the ASA.

Agreed.

Now how can I use both links simultaneously without using BGP or an L3 device?

I think you are missing the point. You can't use two default routes at the same time.
Should you have two routes with the same cost/metric etc., you would end up in a round-robin setup, which may introduce asymmetric routing, which will impact performance severely.
What you can do is to have one link as backup for the other.

Depending upon use case, one other scenario could be to install an explicit web-caching proxy, which then holds one ISP link, and the other ISP link is then used for non-proxy traffic, e.g. hosting services.
This way your regular users would use the proxy for surfing the webz, and your other hosting services use the other link.
This would also improve your overall security level for endpoints. Check out the Cisco WSA series.
