01-30-2015 08:47 AM - edited 03-11-2019 10:25 PM
Hi
I have a Cisco ASA firewall (9.1). I have 2 x FTP servers that sit in the DMZ:
10.99.1.60
10.99.1.61
I want to NAT them to 193.164.55.20
So whenever an external connection tries to contact my FTP server, it will pick either one at random.
Many thanks
01-30-2015 10:10 PM
I think you'd need to make the two servers a cluster and create a virtual server that includes both pieces of hardware.
From Cisco in regards to ASA 9.1: Load balancing works with IPsec clients and SSL VPN client and clientless sessions. All other VPN connection types (L2TP, PPTP, L2TP/IPsec), including LAN-to-LAN, can connect to an ASA on which load balancing is enabled, but they cannot participate in load balancing.
There's a huge writeup here: http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_params.html
And without the equipment to play with, I cannot offer any more help. Most of the load balancing I've dealt with is through NetScalers and F5s.
01-30-2015 10:15 PM
This is called ROTARY NAT.
It's possible with IOS - but not ASA.
Sorry.
Why not just run HAProxy or the Windows LB service, have a single IP for both and be done with it?