Nat load balancing

James Simpson
Level 1

Hi

I have a Cisco ASA firewall (9.1). I have 2 x FTP servers that sit in the DMZ

10.99.1.60

10.99.1.61

I want to NAT them to 193.164.55.20

So whenever an external connection tries to contact my FTP server it will pick either one at random

 

 

Many thanks

Accepted Solutions

David paull
Level 1

I think you'd need to make the two servers a cluster and create a virtual server that includes both pieces of hardware.

 

From Cisco in regards to ASA 9.1: Load balancing works with IPsec clients and SSL VPN client and clientless sessions. All other VPN connection types (L2TP, PPTP, L2TP/IPsec), including LAN-to-LAN, can connect to an ASA on which load balancing is enabled, but they cannot participate in load balancing.

 

There's a huge writeup here: http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_params.html

 

And without the equipment to play with, I cannot offer any more help. Most of the load balancing I've dealt with is through NetScalers and F5s.

View solution in original post

This is called ROTARY NAT.

It's possible with IOS - but not ASA.

Sorry

Why not just run HAProxy or Windows LB service, have a single IP for both and be done with it?

 

 

View solution in original post
