Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
527
Views
0
Helpful
1
Replies

Two ISR Router with ISP on each for HW HA , Query on Load balancing with Dual ISR routers.

sharan.warrior
Level 1
Level 1

‎01-10-2020 09:24 AM

Hi Masters,

Need help with Traffic engineering with the setup.

Have Two ISR routers with One ISP on each for WAN connection.

WAN Config: Static Public IP, Default Route towards ISP, NAT/PAT, Port forwading to firewall for IPSec tunnels.

HSRP is enabled for G/W redundancy towards LAN side, so only one ISP is active at any time.

Firewall in HA

Layer3

& LAN Segment

 

Now, i have  4 IPsec tunnels, by default  R1 will be Active on HSRP and all the tunnels will be up through R1-ISP1.

 

Query@can we load share the Tunnels 2 on R1 and 2 on R2

 

Note:- the IPSec tunnels destination differs based on the link it goes respectively ISP-1 and ISP2.

ex: a AWS tunnel through ISP-1  destination would be 1.1.1.1, in case of ISP-1 failure, same AWS tunnel via ISP-2 will be with destination 2.2.2.2

 

Please share some of the best practices for  load sharing between two ISR routers.

 

TWO ISR routers are used for Hardware redundancy.

 

Thank you in advance.

Labels:
Preview file
28 KB
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎01-11-2020 02:53 PM

Hi.
If I understood correctly, your tunnels with AWS terminate on FW ASA-1 and coming from R1 only. You want to still terminate tunnels on ASA-1 (because it's an HA and you can't terminate them on ASA-2) but this time you want 2 of them coming through R1 ISP and 2 through R2 ISP. Is that right?
Let's assume the following for reference:
- AWS-1 = tunnel 1 through R1
- AWS-2 (IP= 22.22.22.22) = tunnel 2 through R2
- AWS-3 = tunnel 3 through R1
- AWS-4 (IP= 44.44.44.44) = tunnel 4 through R2
- R1 IP facing ASA = 1.1.1.1 (nameif asa = outside1)
- R2 IP facing ASA = 2.2.2.2 (nameif asa = outside2)
If so, you can do it and on your ASA you'll have to adjust the routing (static routes for example) to prefer AWS public IP AWS-2 + AWS-4 to go over R2 and keep the route towards R1 with a high AD.
Example:
route outside1 0.0.0.0 0.0.0.0 1.1.1.1
route outside2 22.22.22.22 255.255.255.255 2.2.2.2
route outside1 22.22.22.22 255.255.255.255 2.2.2.2 50
route outside2 44.44.44.44 255.255.255.255 2.2.2.2
route outside1 44.44.44.44 255.255.255.255 2.2.2.2 50

How is your default route redundancy managed today on ASA?

If I misunderstood, please correct my statement and I'll provide other examples based on your expectations.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card