secure181
Load Balancing between 2 ISPs on Cisco ASA 5520
Hello,
I have a Cisco ASA 5520 appliance and I would like to configure it to use 2 ISPs for the purpose of load balancing. ISP A is a wireless internet connection with a range of IP addresses and ISP 2 is a SHDSL connection with another range of IP addresses which we've purchased. Both links are with different ISPs. I would like to have both links available at the same time. We do the load balancing via our custom application that the end users use to access our systems externally.
However, when they make a connection to our firewall using ISP A, the packet must then travel back via the same ISP as well. The same goes for ISP B.
I'm a little stuck on how to achieve this. I haven't employed any routing protocols as yet but I'm open to suggestions. I also have a Cisco 1721 router as well with 2 WICS cards and 1 internal interface, so I don't know if I can use this to connect to the two ISPs, doing some fancy routing, then pass the traffic to the ASA appliance.
ASKER
Let's say that I didn't want to load balance, and I just wanted to be able to have two ISP links coming into the ASA 5520 and use NAT to translate to different hosts behind the server, but when the packet leaves it has to go out the same interface that it came in on. Is that possible?
The ASA can do load balancing: you simply enter up to 3 default routes to different ISPs and it will load balance them in a round-robin fashion!
The problem here is with the requirement that certain IP traffic that comes in ISP A needs to go back out ISP A, and vice-versa.
If you knew of certain IP ranges that were used by the relevant ISPs you could possibly do some form of policy-based routing, but I think this is going to be too much trouble as you will not be able to definitively say which subnets come in from which ISP. If you can, then it should be achievable!
Yeah, but can't you use multiple contexts on the ASA to achieve dual ISP load balancing?
Your best bet may be to get a purpose-built product like FatPipe's SuperStream:
http://www.fatpipeinc.com/superstream/index.html
You cannot achieve true load-balancing with the 1721. You can get some load-sharing at best and double-natting makes for some tough challenges.
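The requirement discussed in this thread (a reply must leave through the ISP the request arrived on), as an added Python model that is not part of any post and is not ASA or IOS configuration. It assumes each ISP's purchased range is used for the public (NAT) addresses, so the reply's source address identifies the uplink, and it compares that source-based policy with per-connection round robin; the ranges, names and sample connections are constructed.

```python
import ipaddress
from itertools import cycle

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
ISP_RANGES = {
    "ISP_A": ipaddress.ip_network("192.0.2.0/24"),
    "ISP_B": ipaddress.ip_network("198.51.100.0/24"),
}

def egress_by_source(reply_src):
    """Policy routing: pick the uplink whose range contains the reply's source."""
    addr = ipaddress.ip_address(reply_src)
    for isp, net in ISP_RANGES.items():
        if addr in net:
            return isp
    return None  # no policy match: fall through to the normal routing table

def round_robin_chooser():
    """Alternate between uplinks per connection, ignoring addresses."""
    uplinks = cycle(ISP_RANGES)
    return lambda _public_ip: next(uplinks)

def count_asymmetric(connections, choose_egress):
    """Count replies that leave through a different ISP than the request used."""
    return sum(1 for ingress, public_ip in connections
               if choose_egress(public_ip) != ingress)

# Constructed inbound connections: (ISP the client arrived on, public IP it targeted).
SAMPLE = [
    ("ISP_A", "192.0.2.10"), ("ISP_A", "192.0.2.11"),
    ("ISP_B", "198.51.100.10"), ("ISP_A", "192.0.2.10"),
    ("ISP_B", "198.51.100.11"), ("ISP_B", "198.51.100.10"),
]

if __name__ == "__main__":
    rr = count_asymmetric(SAMPLE, round_robin_chooser())
    pbr = count_asymmetric(SAMPLE, egress_by_source)
    print(f"round robin:  {rr} of {len(SAMPLE)} replies leave via the wrong ISP")
    print(f"source-based: {pbr} of {len(SAMPLE)} replies leave via the wrong ISP")
```

A reply that leaves through the other ISP carries a source address that ISP does not own, which upstream anti-spoofing filters commonly drop.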