
Load Balancing

nikuhappy2010
Level 1

Hi, I have two ASA firewalls and two different ISP leased lines. Now I want to create a site-to-site VPN tunnel with the DC, and it will work. That's fine. Now I want to use both ASAs, with both ISP lines used for both ASA boxes, and I will create the tunnel. Now if I connect my inside network to both firewalls, will it work? I want load balancing between the ISP links and load balancing of the VPN tunnel. The configuration is below:

FW 1 outside interface 1.1.1.1/24

FW 1 Inside Interface 192.168.12.1/24

FW 2 Outside interface 2.2.2.2/24

FW 2 Inside Interface 192.168.12.2

Now if I assign the gateway 192.168.12.1 on client machines, then traffic goes through FW1, and if I use 192.168.12.2, then traffic goes through the second FW. Now I want the traffic to use both interfaces, with the traffic split 50-50. If it is possible, please tell us what I should do. Will it work if I install one router between the local LAN and the FWs? Thanks.


nikuhappy2010
Level 1

Please respond... Is it possible or not?

From where to where are you going to do load balancing?

Could you show the planned topology?

elderr
Level 1

Are you using the ASAs in an Active/Active failover?

No, I'm not using failover. Let me clarify my setup again. I have two ASA FWs and two ISP links.

1st ISP link 1.1.1.1

2nd ISP link 2.2.2.2

Inside Network 192.168.12.0/24

Now I configure one link on the outside interface of the first FW and the second link on the second FW's outside interface. The first firewall interface IP address is 192.168.13.1 and the second FW's inside interface IP is 192.168.14.1, and both interfaces are connected to a Cisco router which has three interfaces. The router config is below:

Eth 0 192.168.13.2, which is connected to the 1st FW

Eth 1 192.168.14.2, which is connected to the 2nd FW

Eth 3 192.168.12.1, which is connected to my inside network.

Static routes used here:

0.0.0.0 0.0.0.0 192.168.13.1

0.0.0.0 0.0.0.0 192.168.14.1

Now I create a site-to-site tunnel from both FWs to the other site, whose peer IP is 3.3.3.3. In this scenario, will the load balancing work between the ISP links and the site-to-site tunnel? Thanks

Hi, is it possible? Please let me know if you want to know anything else. Thanks

??

Possible for load balancing between 192.168.12.0/24 and the internet,

but you can't do load balancing between 192.168.12.0/24 and the remote side.

What would happen if I add a route command for return traffic for the inside network (192.168.12.0) from the remote site? Will it communicate? Thanks

I think you can lose half of the traffic.

The problem will be on the remote site.

And you need to have identical crypto access-lists for different peers (ASA1, ASA2).

Yeah, it's not an issue. I will make the crypto settings and exempt the network for both ASA FWs. What would be the issue if I go with a similar configuration? I don't have two ISP lines, otherwise I would test it. Can anyone test this scenario? Thanks

Anyone respond...
