08-01-2012 03:59 AM - edited 03-11-2019 04:36 PM
Dear all
We have a Cisco firewall ASA-5510 which is configured to connect our users to one ISP. Recently we added a new ISP and our company wants to connect both ISPs to the network. I configured both connections, but to let our users use the internet we need to configure the new ISP (new interface) in the static routes. But in our model we cannot have two interfaces as default static routes (IP Address: 0.0.0.0, Mask: 0.0.0.0, Metric: 1).
Now I would like to ask what the best solution for our problem is. How can I configure our firewall in such a way that it will check the traffic of each ISP and route users to the ISP that has lower traffic? Is it possible?
Thank you so much
08-01-2012 04:23 AM
Hi Saman,
As far as I know you cannot do that by looking at the traffic that passes using your firewall. If you have the 2 ISPs configured in your firewall with proper updates, then you can do this for load balancing.
Say outside1 and outside2 are your ISP connected interfaces.
route outside1 0.0.0.0 127.0.0.0
route outside2 128.0.0.0 127.0.0.0
You can do load balancing to some extent, but not completely.
Please do rate if the given information helps.
By
Karthik
08-01-2012 07:39 PM
Hi Karthik
Thank you for replying. Anyway, I didn't get what you mean.
route outside1 0.0.0.0 127.0.0.0
Is 127.0.0.0 the mask? If it is the mask then it is an invalid mask. Can you explain which is the IP address, which is the mask and which is the metric?
Thank you again
Also, is there any way that I can configure the firewall to even randomly divide users between these two ISPs? How can I make both work in the network?
Thank you so much
Saman
08-01-2012 08:52 PM
Hi Saman,
Sorry for that mask confusion. It should be like this.
0.0.0.0 128.0.0.0
128.0.0.0 128.0.0.0
Randomly sending traffic is not possible in this scenario as far as I know. If you have 2 firewalls running in standalone mode you can make 1 firewall take ISP1 as primary and another as secondary. The other firewall will take ISP2 as primary gateway and so on.
Please do rate if the given information helps.
By
Karthik
08-02-2012 02:09 AM
Hi Karthik
Sorry, I am kinda new to Cisco. Can you explain more?
Can you tell me in this configuration what is the IP Address, what is the Netmask, what is the Metric and also what option I have to set?
Also, somebody told me that one solution is to make another gateway in the firewall and connect the other gateway to the other ISP and then divide users by using two different gateways. What do you think?
Again thank you
08-02-2012 03:03 AM
Hi Saman,
The scenario told by the other person is not possible in the firewalls. You can do that in routers using the IPSLA. But in firewalls you cannot do that on a source basis. Whatever I have suggested is a workaround.
0.0.0.0 128.0.0.0
128.0.0.0 128.0.0.0
So, for example, you are trying yahoo.com, which has IP 12.1.1.1, so this will take the outside1 route.
For google.com, if that IP address is 150.1.1.1 then it will take the outside2 route and go.
You can alter it accordingly. But this is a workaround, not a solution. If you have a router then you can do this load balancing to have one source go via ISP1 and the other source go via the other ISP.
Maybe the other experts in our forum can throw some light on this.
Please do rate if the given information helps.
By
Karthik
08-02-2012 03:23 AM
Hi Karthik
Wow, thank you so much for your help. So the best solution is still what you suggested, but I am still kinda confused about how to do the setup that you are suggesting. I really can't find a way to configure what you are suggesting, because if I set ISP1 as
IP: 0.0.0.0 Mask 0.0.0.0 and then set up ISP2 as IP 127.0.0.0 Mask 0.0.0.0, I still cannot divide it in two.
Or maybe what you are suggesting should not be done through static routing, because I am thinking of a solution using static routing, and in static routing you have to set the IP and Mask, and I cannot set a range of IPs.
Again thank you
08-02-2012 09:19 PM
I think Karthik pretty much covered it.
There is no way to have two default routes or perform any kind of intelligent load-balancing.
You can use static routes to direct certain traffic across the two links but you must specify destination networks.
As Karthik was suggesting:
0.0.0.0 128.0.0.0
128.0.0.0 128.0.0.0
The ASA supports redundant ISP links in an active/passive scenario but will not load-balance between them.
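Added example, not part of the thread or Cisco's code: a small Python model of how the two half-range static routes discussed above divide traffic by destination address, and why 127.0.0.0 was rejected as a mask. The function names are hypothetical, and the lookup assumes ordinary longest-prefix-match routing.

```python
import ipaddress

# (destination, mask, interface) pairs as corrected in the thread.
SPLIT_ROUTES = [
    ("0.0.0.0", "128.0.0.0", "outside1"),
    ("128.0.0.0", "128.0.0.0", "outside2"),
]


def is_valid_mask(mask: str) -> bool:
    """A netmask is valid only if its 1-bits are contiguous from the left."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, so adding 1 shares no bits with it.
    return inverted & (inverted + 1) == 0


def build_table(routes):
    """Turn (dest, mask, iface) tuples into (network, iface) entries."""
    table = []
    for dest, mask, iface in routes:
        if not is_valid_mask(mask):
            raise ValueError(f"invalid netmask {mask}")
        table.append((ipaddress.IPv4Network(f"{dest}/{mask}"), iface))
    return table


def lookup(table, destination: str):
    """Return the interface of the most specific route matching destination."""
    addr = ipaddress.IPv4Address(destination)
    matches = [(net, iface) for net, iface in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    table = build_table(SPLIT_ROUTES)
    # Destination addresses taken from the thread's own illustration.
    for dst in ("12.1.1.1", "150.1.1.1"):
        print(dst, "->", lookup(table, dst))
    # The mask first posted in the thread fails validation.
    print("127.0.0.0 valid mask:", is_valid_mask("127.0.0.0"))
```

The source address never enters the lookup, which is why this split cannot assign particular users to a particular ISP.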