Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
1
Replies

Load Balance Between Two Router, Two ASA and two ISP

mohammed.misbahuddin
Level 1
Level 1

‎11-16-2015 01:49 PM

Hi,

I have a scenario with two routers, two ASA 5515X and two ISP. I need to configure load balancing so that site to site tunnel traffic should follow ISP 1 and rest of the traffic should follow ISP2 and all the traffic with one either of the ISP in case of ISP down.

Not sure how practical is but i need configuration and design suggestion. attached is the design

Labels:
Preview file
42 KB
0 Helpful
1 Reply 1

Boris Uskov
Level 4
Level 4

‎11-17-2015 07:34 AM

Hello, Mohammed.

I can suggest to configure two HSRP Groups on inside interfaces of Router A and Router B. For Example:

RouterA(config)# interface vlan 50
RouterA(config-if)# ip address 192.168.1.10 255.255.255.0
RouterA(config-if)# standby 1 priority 200
RouterA(config-if)# standby 1 preempt
RouterA(config-if)# standby 1 ip 192.168.1.1
RouterA(config-if)# standby 1 authentication MyKey
RouterA(config-if)# standby 2 priority 100
RouterA(config-if)# standby 2 ip 192.168.1.2
RouterA(config-if)# standby 2 authentication MyKey


RouterB(config)# interface vlan 50
RouterB(config-if)# ip address 192.168.1.11 255.255.255.0
RouterB(config-if)# standby 1 priority 100
RouterB(config-if)# standby 1 ip 192.168.1.1
RouterB(config-if)# standby 1 authentication MyKey
RouterB(config-if)# standby 2 priority 200
RouterB(config-if)# standby 2 preempt
RouterB(config-if)# standby 2 ip 192.168.1.2
RouterB(config-if)# standby 2 authentication MyKey

So that, you'll be able to use 192.168.1.1 virtual HSRP address to reach ISP1 and 192.168.1.2 to reach ISP2. 

After that you need to configure static routes on cisco ASA. Let's assume, the remote VPN peer will have IP address 1.1.1.1 and the subnet 10.20.30.0/24 behind it. So, you'll need to configure following static routes on cisco asa:

route outside 1.1.1.1 255.255.255.255 192.168.1.1

route outside 10.20.30.0 255.255.255.0 192.168.1.1

route outside 0.0.0.0 0.0.0.0 192.168.1.2

And, of cource, HSRP configuration on routers should be accomplished with tracking object to track the availability of ISPs.

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents