Load Balancing between 2 ISPs on Cisco ASA 5520

Posted on 2007-08-07
Last Modified: 2013-11-05

I have a Cisco ASA 5520 appliance and I would like to configure it to use 2 ISPs for the purpose of load balancing. ISP A is a wireless internet connection with a range of IP addresses and ISP 2 is a SHDSL connection with another range of IP addresses which we've purchased. Both links are with different ISPs. I would like to have both links available at the same time. We do the load balancing via our custom application that the end users use to access our systems externally.

However, when they make a connection to our firewall using ISP A, the packet must then travel back via the same ISP as well. Same goes with ISP B.

I'm a little stuck on how to achieve this. I haven't employed any routing protocols as yet but I'm open to suggestions. I also have a Cisco 1721 router as well with 2 WIC cards and 1 internal interface, so I don't know if I can use this to connect to the two ISPs, doing some fancy routing, then pass the traffic to the ASA appliance.
Question by:secure181
    LVL 79

    Expert Comment

    ASA does not do load balancing. It will do failover routing only.
    Your best bet may be to get a purpose-built product like fatpipes superstream
    You cannot achieve true load-balancing with the 1721. You can get some load-sharing at best and double-natting makes for some tough challenges.

    Author Comment

    Let's say that I didn't want to load balance, and I just wanted to be able to have two ISP links coming into the ASA 5520 and using NAT to translate to different hosts behind the server, but when the packet leaves it has to go out the same interface that it came in on... is that possible?
    LVL 79

    Accepted Solution

    Yes, because only one outside interface is going to be forwarding at any one time.

    Expert Comment

    The ASA can do Load Balancing, you simply enter up to 3 Default Routes to different ISPs and it will load balance them in a round robin fashion!
    The problem here is with the requirement that certain IP traffic that comes in ISP A needs to go back out ISP A, and vice-versa.

    If you knew of certain IP Ranges that were used by the relevant ISPs you could possibly do some form of Policy Based Routing, but I think this is going to be too much trouble as you will not be able to definitively say which subnets come in from which ISP. If you can, then it should be achievable!
    LVL 1

    Expert Comment

    Yeah, but can't you use multiple contexts on the ASA to achieve dual ISP load balancing?
