cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2867
Views
0
Helpful
7
Replies

.

nshringe1
Level 1
Level 1

.

7 Replies 7

varrao
Level 10
Level 10

Neil,

ASA is not a device for load-balancing, you can configure dual-ISP, swhich provides redundancy for your ISP link, but we cannot have two ASA's active and load balance the traffic on these two ISP's. Although you might want to have a look at this document, though this configuration is not supported:

https://supportforums.cisco.com/docs/DOC-15622

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

Varun,

Thank you for your response. I want to clarify the following.

1. Can we setup the two ASA's in active standby mode for two ISP's?

At anytime only one ASA will be operational with one ISP.

If ISP-A goes down ASA1 switches to ISP-B.

If ASA1 goes down ASA2 picks up and carries on the work being done by ASA1.

Best Regards,

Neil

Neil,

Absolutely, you can very well configure the said requirement, so its going to be failover for the two firewalls and also Dual ISP configured for it as well.

Just for your help, here are the configuration:

Dual ISP ---> http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Active/Standby failover ---> http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

You can configure redundancy for ISP connection but not load-balance the traffic hitting the firewall.

Let me know if this is what you were looking for.

Thanks,

Varun

Thanks,
Varun Rao

Varun,

I was checking Cisco.com and came across this article which talks about active/active with dual ISP using asr groups.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1052847

Can you shed some light on this?

Best Regards,

Neil

Neil,

I am not sure about what exact question do you want to add, are you pointing towards the term load-balancing used in the document or how do we configure the dual isp with failover?

if you are looking for a sample config, here it is:

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/ref_examples.html#wp1065283

Thanks,

Varun

Thanks,
Varun Rao

I was referring to the fact the document carried out load balancing, refer fig 14.1.

We plan to go with ISP failover with Active/standby setup on the ASA, since active/active with dual ISP is unsupported.

The link provided cannot be accessed using my cco id. Can you provide an alternate link?

Thanks,

Neil

Here's the pdf attached

Thanks,

Varun

Thanks,
Varun Rao
Review Cisco Networking for a $25 gift card