Load-sharing for Cisco ASA.

santiago.jem · ‎06-29-2017

Hello experts,

Good day!

I have this device, Cisco ASA 5515 with version ASA 9.5(2)2

Can we do a load-sharing on our internet bound traffic with 2 internet circuit coming from 2 different ISP?

What we plan to do:

1. Users on VLAN10 will route through ISP1 - if ISP1 goes down, traffic will route to ISP2.

2. Users on VLAN 20 will route through ISP2 - if ISP2 goes down, traffic will route to ISP1.

I understand that VLAN10 to be routed to ISP1 and VLAN20 to be routed to ISP2 can be done through route-maps with 2 sequence numbers.

It is when the links fails and moves traffic to the other link where things get a bit complicated.

Is this even possible?

Thank you.

Jason Gervia · ‎06-29-2017

I'd probably just use load sharing using zones and ignore the vlans unless there is a business reason to do so:

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.3 - Traffic Zones [Cisco ASA 5500-X Series Fi…

But what you want to do is possible. Check the 'verify availability' portion of this link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-bas…

From the doc:

Verify if the next IPv4 hops of a route map are available:

set ip next-hop verify-availability next-hop-address sequence_number track object

You can configure an SLA monitor tracking object to verify the reachability of the next-hop. To verify the availability of multiple next-hops, multiple set ip next-hop verify-availability commands can be configured with different sequence numbers and different tracking objects.

santiago.jem · ‎06-30-2017

Thanks for your reply Jason. This is actually the first time that I've heard of this Traffic Zones. May need to lab this up.