
Dual ISP & Dual ASA scenario

nicky0690
Level 1

Hi All,

  Scenario:-

  i) 2 ISP on 2 different routers.

  ii) 2 ASA (each ASA is connected to each routers directly)

                               ISP1                   ISP2
                                 |                       |
                              Rtr A                 RtrB
                                |                       |
                              ASA 1                ASA 2
                                \                       /
                                  \                   /
                                    \               /
                                     SWITCH 1

Requirement:-

i] Load Balancing/Load Sharing between both the ISPs.

ii] Active/Standby between both the ASA

Solution:-

i]  AS path prepending to be used for load sharing by running BGP.

ii] Configuring 2 default routes, one for ISP1 and another as backup for ISP2, on ASA.

iii] PBR configuration on RtrA to forward the traffic on RtrB and vice versa.

iv] Stateful Failover on ASA

Kindly let me know if this is a good solution, and also if there are any challenges in implementing it. If anyone has a better solution, please suggest it.

Cheers,

Nikhil

3 Replies

Marwan ALshawi
VIP Alumni

First of all, if you use the firewalls in active/standby then you will not be able to use both ISPs.

Also, not sure about the PBR: how do you use it?

One more question: is the switch configured as layer 2 or 3? Can you add another switch, as one switch will be a single point of failure here?

Also, what is the default gateway used by the hosts: is it the ASA, or a layer 3 interface on the switch if it's layer 3?

The switch will be configured as an L3 switch. Yes, the switch will be a single point of failure. We are planning to add one more switch to create redundancy.

The L3 switch will be the DG for the hosts, as VLANs will be created on it.

Cheers,

Nikhil

OK, in this case you will need HSRP on the switches, but HSRP will provide you with active/standby.

The ASAs in failover mode will be in active/standby as well.

If the above is OK with you, then just make sure that you align the active HSRP and ASA on the same side.

If you are looking for an active/active solution, then you might use this method:

Let's say you have two LAN subnets, LAN A and LAN B.

Configure the HSRP groups in both switches to use switch 1 as active for LAN A and switch 2 as active HSRP for LAN B.

Configure the ASAs to work individually, so each ASA will be working as a standalone active device.

In each switch, use two static routes with IP SLA tracking.

In switch 1, a static/default route points to ASA 1, with IP SLA tracking to monitor the availability of ASA 1.

The second static route points to the second ASA's IP (assuming you have a route to ASA 2 via switch 2); set this static route with a higher metric so it is used in case ASA 1 is down or not reachable.

This way you can have your network active/active and load balanced to some extent.

Hope this helps.

If helpful, rate.
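
A configuration sketch of the active/active layout described in the reply above, for switch 1. It is an added example, not configuration posted in the thread; every address, VLAN number and SLA/track ID is an assumption, including the shared transit VLAN 99 that gives both switches a path to both ASA inside interfaces.

```cisco
! Switch 1 - all addressing and numbering below is assumed for illustration
ip routing
!
interface Vlan10
 description LAN A - switch 1 is the HSRP active gateway
 ip address 10.10.10.2 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 priority 110
 standby 10 preempt
!
interface Vlan20
 description LAN B - switch 2 is HSRP active, switch 1 keeps default priority 100
 ip address 10.10.20.2 255.255.255.0
 standby 20 ip 10.10.20.1
 standby 20 preempt
!
interface Vlan99
 description Transit VLAN shared with the inside interfaces of ASA 1 and ASA 2
 ip address 192.168.99.11 255.255.255.0
!
! Probe the inside address of ASA 1 (assumed 192.168.99.1) every 5 seconds
ip sla 1
 icmp-echo 192.168.99.1 source-interface Vlan99
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object goes down when the probe stops getting replies
track 1 ip sla 1 reachability
!
! Primary default route via ASA 1, removed from the table while track 1 is down
ip route 0.0.0.0 0.0.0.0 192.168.99.1 track 1
!
! Floating default via ASA 2 (assumed 192.168.99.2); the "higher metric" in the
! reply is expressed as a higher administrative distance, so it is used only
! when the tracked route has been withdrawn
ip route 0.0.0.0 0.0.0.0 192.168.99.2 250
```

Switch 2 mirrors this with the HSRP priorities swapped, the probe aimed at ASA 2, and the floating route pointing at ASA 1. Because the ASAs run standalone in this layout they share no connection state, so sessions that were passing through a failed ASA have to be re-established through the other one.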
