05-09-2011 06:32 AM - edited 03-06-2019 04:57 PM
05-09-2011 06:48 AM
Neil,
ASA is not a device for load-balancing, you can configure dual-ISP, swhich provides redundancy for your ISP link, but we cannot have two ASA's active and load balance the traffic on these two ISP's. Although you might want to have a look at this document, though this configuration is not supported:
https://supportforums.cisco.com/docs/DOC-15622
Hope this helps.
Thanks,
Varun
05-09-2011 07:09 AM
Varun,
Thank you for your response. I want to clarify the following.
1. Can we setup the two ASA's in active standby mode for two ISP's?
At anytime only one ASA will be operational with one ISP.
If ISP-A goes down ASA1 switches to ISP-B.
If ASA1 goes down ASA2 picks up and carries on the work being done by ASA1.
Best Regards,
Neil
05-09-2011 07:21 AM
Neil,
Absolutely, you can very well configure the said requirement, so its going to be failover for the two firewalls and also Dual ISP configured for it as well.
Just for your help, here are the configuration:
Dual ISP ---> http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
Active/Standby failover ---> http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml
You can configure redundancy for ISP connection but not load-balance the traffic hitting the firewall.
Let me know if this is what you were looking for.
Thanks,
Varun
05-09-2011 07:39 AM
Varun,
I was checking Cisco.com and came across this article which talks about active/active with dual ISP using asr groups.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1052847
Can you shed some light on this?
Best Regards,
Neil
05-09-2011 10:41 AM
Neil,
I am not sure about what exact question do you want to add, are you pointing towards the term load-balancing used in the document or how do we configure the dual isp with failover?
if you are looking for a sample config, here it is:
Thanks,
Varun
05-09-2011 12:17 PM
I was referring to the fact the document carried out load balancing, refer fig 14.1.
We plan to go with ISP failover with Active/standby setup on the ASA, since active/active with dual ISP is unsupported.
The link provided cannot be accessed using my cco id. Can you provide an alternate link?
Thanks,
Neil
05-09-2011 12:34 PM
Here's the pdf attached
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide