I have an existing connection to a single ISP (ASA_1 -> 2811_1 -> ISP1).
We are adding a second ISP (ISP2) for redundancy and load sharing between the two WAN links. We want to maintain connectivity if one ISP link is down.
On my side, I am adding a second ASA_2 and router 2811_2 as shown on the diagram. The router will be configured for NAT for the inside network behind the router.
The ASA will be configured as Active/Standby.
We are not using BGP, so it will be static route pointing to the gateways to the ISPs.
! Static default routes; the names stand in for the next-hop addresses
ip route 0.0.0.0 0.0.0.0 isp1
ip route 0.0.0.0 0.0.0.0 2811_2
ip route 0.0.0.0 0.0.0.0 isp2
ip route 0.0.0.0 0.0.0.0 2811_1
Can anyone please give me an idea if this design will work?
Why don't you use Gateway Load Balancing Protocol, which provides redundancy and load sharing?
Here is an overview of the protocol:
Here you can find an example of configuration: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008042fb97.html#wp1048162
I hope this helps.
What I would do in your case is remove the link between the 2800 series routers and do the following:
Connect 2811_1 to ASA_2 and 2811_2 to ASA_1.
That way you can configure each ASA to be active/standby for the other, and you will also be able to use the "Redundant or Backup ISP configuration" feature of the ASA.
As for load sharing, you can configure each switch with a static route to its respective ASA; the ASA will route the traffic out to its configured main ISP. The traffic will be rerouted automatically if that ISP goes down.
Enter another static route in each switch pointing to the other one in case the ASA fails. That way the switch will try the alternate route if it can't reach the default one.
Hope this helps.
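The two pieces of that suggestion, the ASA "backup ISP" feature and the fallback static route on the inside switch, look like this in configuration. This is an added example written for this thread, not configuration from any poster or from Cisco's documentation; every address is a constructed placeholder from the RFC 5737 documentation ranges, and the interface names, hostnames and SLA/track numbers are assumptions.

```cisco
! Added example, not from the thread. Constructed addresses (RFC 5737);
! interface names, hostnames and object numbers are assumptions.
!
! ---- ASA (active unit of the Active/Standby pair) ----
! Probe the ISP1 gateway from the "outside" interface every 10 seconds.
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
! Reachability of the probe becomes a trackable object.
track 1 rtr 10 reachability
! Primary default route: removed from the routing table while track 1 is down.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
! Backup default route toward ISP2 with a worse metric; it is used only
! while the tracked primary route is absent.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! ---- Inside Layer 3 switch (IOS) ----
! Probe the inside address of its own ASA so a failed-but-link-up ASA is noticed.
ip sla 1
 icmp-echo 10.0.1.1 source-interface Vlan10
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
! Preferred default route to this switch's ASA, conditional on the probe.
ip route 0.0.0.0 0.0.0.0 10.0.1.1 track 1
! Floating static (administrative distance 250) toward the other ASA.
ip route 0.0.0.0 0.0.0.0 10.0.2.1 250
```

Two things a practitioner should check before relying on this. First, probing the directly connected ISP gateway only detects a dead link or gateway; an outage further upstream leaves the probe answering and the primary route in place, so the tracked target is often chosen further into the provider's network. Second, the ASA backup route only moves outbound traffic; NAT rules for the backup interface still have to exist, and sessions that were translated to ISP1's address block cannot be continued over ISP2, so a failover drops established flows. Note also that in an Active/Standby pair only the active unit forwards traffic, so per-switch "own ASA" load sharing applies only if the two ASAs are not paired in failover.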
Thanks, it makes more sense to connect 2811_1 to ASA_2 and 2811_2 to ASA_1. But the article for the config on the ASA will only achieve redundancy to the internet, not load sharing.
The customer's service provider won't advertise anything less than a Class C network, which in my case is only a /29 subnet. So, I can't use BGP.
In order to get load sharing, is it possible to configure GLBP between 2811_1 and 2811_2 and track both outgoing interfaces to the internet?
From the ASA, point a default route to the virtual IP of GLBP.
I hope this would handle redundancy and load sharing. Will this work?
What about the inbound traffic, do I have any control?
Hope I am getting close.
Any advice would be much appreciated.
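For reference, this is what the GLBP group with uplink tracking that the question describes would look like on the two 2811s. It is an added example written for this thread, not configuration posted by anyone in it; addresses are constructed placeholders (RFC 5737), and the interface names, group number, track numbers and weighting thresholds are assumptions.

```cisco
! Added example, not from the thread. Constructed addresses (RFC 5737);
! interface names, group and track numbers, and thresholds are assumptions.
!
! ---- 2811_1 ----
! Track the ISP1-facing interface; line-protocol down = uplink lost.
track 10 interface FastEthernet0/1 line-protocol
interface FastEthernet0/0
 description LAN toward the ASA pair
 ip address 192.0.2.2 255.255.255.0
 glbp 1 ip 192.0.2.1
 glbp 1 priority 110
 glbp 1 preempt
 glbp 1 load-balancing round-robin
 ! Weight starts at 100. Dropping below "lower" (40) stops this router from
 ! acting as a forwarder; it resumes only once weight climbs above "upper" (80).
 glbp 1 weighting 100 lower 40 upper 80
 ! Uplink failure subtracts 70 -> weight 30 < 40, so forwarding moves to 2811_2.
 glbp 1 weighting track 10 decrement 70
interface FastEthernet0/1
 description Uplink to ISP1
 ip address 203.0.113.2 255.255.255.248
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! ---- 2811_2 ----
track 10 interface FastEthernet0/1 line-protocol
interface FastEthernet0/0
 description LAN toward the ASA pair
 ip address 192.0.2.3 255.255.255.0
 glbp 1 ip 192.0.2.1
 glbp 1 priority 100
 glbp 1 preempt
 glbp 1 load-balancing round-robin
 glbp 1 weighting 100 lower 40 upper 80
 glbp 1 weighting track 10 decrement 70
interface FastEthernet0/1
 description Uplink to ISP2
 ip address 198.51.100.2 255.255.255.248
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! ---- ASA (active unit): default route to the GLBP virtual IP ----
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

The caveat that decides whether this meets the goal: GLBP shares load by answering ARP requests for the virtual IP with different virtual MAC addresses for different requesting hosts. An ASA that points its default route at the virtual IP is a single host, so it receives one virtual MAC and all of its outbound traffic goes through one forwarder at a time. The design above therefore gives redundancy (the weighting track hands the forwarder role to the other router when an uplink drops, and the ASA's cached MAC keeps working), but not load sharing across the two ISPs from a single ASA. Inbound traffic for each NAT'd session still returns through whichever ISP owns the translated address, so each 2811 must translate to its own provider's /29.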
You're getting close.
The only way to really do what you want to do deterministically is Optimized Edge Routing. That will basically determine the best exit for your traffic (based on something as easy as availability), apply the correct NAT, and get it to the right ISP in any situation.
Lots of reading ahead :-) :
According to the diagram you provided, your network doesn't seem that complicated, so why not keep it as simple as possible?
Since each switch is connected somehow to a dedicated ISP, right there you will accomplish load balancing, unless your applications take a lot of bandwidth or the number of devices connected to each switch differs greatly.
Remember, you can also configure VLANs along with access lists to achieve your purpose.
Before getting into any advanced configuration I suggest implementing a monitoring tool in order for you to find out how much bandwidth is being utilized, what application is using it, etc and then decide the best approach to your problem.
I hope it helps.