10-26-2010 10:42 PM - edited 03-11-2019 12:00 PM
Hello All,
I am having only Cisco ASA 5510 in my network. I am also having 2 Internet links. I want to use one link For Site-to-Site VPN & other Link for Internet.
So i need to do Load Balancing on ASA.
Is ASA 5510 Supports Load Balancing ? if not whts the Other option ?
If Yes then How to do it ?
Thanks...
Solved! Go to Solution.
10-27-2010 04:58 AM
Vinayak,
We have seen this question posted many times in the past. I had written a document to refer people to.
You can read about other options available here; https://supportforums.cisco.com/docs/DOC-13015
let us know if you have any further question, otherwise pls. mark this thread answered.
-KS
10-27-2010 12:19 AM
Hi
Please find below the link for your help and referrence.
http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdm_lb.pdf
Also the same question was asked on this forums and I suggest you go through it
https://supportforums.cisco.com/thread/228769
HTH.
10-27-2010 02:26 AM
Hi,
Thanks for reply.
According to the link it says Load Balancing is possible only on ASA 5520 or Higher.
But i am having ASA 5510. Then how to do Load Balancing on ASA 5510 ?
Am i require Router in this case ?
10-27-2010 04:58 AM
Vinayak,
We have seen this question posted many times in the past. I had written a document to refer people to.
You can read about other options available here; https://supportforums.cisco.com/docs/DOC-13015
let us know if you have any further question, otherwise pls. mark this thread answered.
-KS
10-27-2010 05:02 AM
Hi KS,
Thanks for reply.
According to this document. i got a brief idea. Means i need to install a router in my network, there is no other option.
Is this configuration is sufficient or i need to add some config in that. coz i want to use one link for site-to-site VPN only.
10-27-2010 05:43 AM
If this is just for VPN to use one ISP and the rest of the traffic to use another ISP you can do that without a layer 3 device.
Terminate the tunnels to one interface (call it VPN interface) and use nat/global and your default route pointing to the other interface (call it Internet interface).
Add static routes to the peers via the VPN interface. Apply the crypto map only to this VPN interface.
-KS
10-27-2010 09:20 PM
Hello KS,
yes, I want to usse one ISP only for VPN & Other ISP Only for Inetrnet. I want all my LAN User to use both these services at same time.
Can u tell me how to configure it on firewall.
I got ur point tht dedicating one interface for VPN. But can u please tell me how to do that ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide