Load Balancing PIX

jeansamarani
Level 1

Hi All,

We have the following scenario: 2 firewalls in Active/Standby are facing 2 routers configured with HSRP.

Is it possible, in order to achieve load balancing for certain destination traffic, to have 2 static routes with the same AD but different next hops? (Each route pointing to a different physical IP address of the router and not to the virtual IP address.)

Thanks in advance.

7 Replies

In your case the firewall is in active/standby, so at any point in time only one box is forwarding traffic.

Yes, this is true, but my goal is to achieve load balancing via 2 ISPs, each one connected to the external border router. Can I achieve this by using the above approach? What's the recommendation?

You can achieve link-level redundancy, not load balancing, in your current setup.

Run BGP between your routers and the PE routers. And also an IGP protocol running between your gateway routers.

For achieving load balancing between your links, you may run GLBP instead of HSRP on your gateway routers. EBGP between your routers and the PE routers. And also an IGP protocol running between your gateway routers.

Maybe other gurus here will give you better suggestions :)

Just to make sure that I got your point: I need to use GLBP in combination with eBGP and the IGP on the border routers?

Yes, you got it.

A few more additions to this I can think of:

- Tell your ISP to advertise a default route on both your links via EBGP.

- You will need to configure BGP MED on your gateway routers while advertising your IP subnets to the PE.

Good Luck.

Also you can refer to this link.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#diag3

Saurabh Kishore
Level 1

Hi,

Though ASA/PIX do not support load balancing or packet shaping, let's say you have 2 ISPs: the traffic can be divided based on the routes you apply on the firewall.

A simple example would be:

route outside 0.0.0.0 128.0.0.0 x.x.x.x

route outside 128.0.0.0 128.0.0.0 y.y.y.y

Here x.x.x.x will be your ISP1 and y.y.y.y will be ISP2.

This way the traffic can be divided between the 2 ISPs; however, this is just a workaround and is not a complete load balancing solution.

Though load balancing can be configured on Cisco routers, it is not a supported feature on the ASA/PIX firewall.

Let me know if you have any other questions.

If you decide to do this, I would suggest to combine it with route tracking.

cfr. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

In the example given by the previous poster, you can make one router primary for 0.0.0.0/1 and backup for 128.0.0.0/1, and vice versa.
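
The split-route workaround combined with route tracking, as suggested in the two posts above, could look like the following. This is an added example, not configuration posted by any participant in the thread; x.x.x.x and y.y.y.y are the thread's placeholders for the two routers' physical addresses, and the SLA/track IDs, probe timers and backup metric of 254 are assumed values.

```cisco
! Added example (not from the thread). Requires PIX/ASA software with
! static route tracking (sla monitor / track), as in the linked Cisco example.
! Probe each router's physical address from the outside interface.
sla monitor 1
 type echo protocol ipIcmpEcho x.x.x.x interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
!
sla monitor 2
 type echo protocol ipIcmpEcho y.y.y.y interface outside
 num-packets 3
 frequency 10
sla monitor schedule 2 life forever start-time now
!
! Bind a track object to each probe.
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Destinations 0.0.0.0/1: x.x.x.x is primary (tracked), y.y.y.y is backup.
route outside 0.0.0.0 128.0.0.0 x.x.x.x 1 track 1
route outside 0.0.0.0 128.0.0.0 y.y.y.y 254
!
! Destinations 128.0.0.0/1: y.y.y.y is primary (tracked), x.x.x.x is backup.
route outside 128.0.0.0 128.0.0.0 y.y.y.y 1 track 2
route outside 128.0.0.0 128.0.0.0 x.x.x.x 254
```

When a probe fails, the tracked route is withdrawn and the metric-254 route for the same half of the address space takes over. The division is by destination address only, so the two links carry equal load only if traffic happens to be spread evenly across both halves.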
