[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Load Balancing between 2 ISPS on Cisco ASA 5520

Posted on 2007-08-07
5
Medium Priority
?
17,740 Views
Last Modified: 2013-11-05
Hello,

Have a Cisco ASA 5520 appliance and i would like to configure it to use 2 ISP's for the purpose of load balancing. ISP A is a wireless internet connection with a range of IP addresses and ISP 2 is a SHDSL connection with another range of IP addresses which we've purchased. Both links are with different ISPS. I would like to have both links avaliable at the same time. We do the load balancing via our custom application that the end users use to access our systems externally.

However when they make a connection to our firewall using ISP A the packet must then travel back via the same ISP as well. Same goes with ISP B..

Im alittle stuck on how to acheive this. I havent employed any routing protocols as yet but im open to suggestions. I also have a cisco 1721 router as well with 2 WICS cards and 1 internal interface, so i dont know if i can use this to connect to the two isps, doing some fancy routing then pass the traffic to the ASA appliance..
0
Comment
Question by:secure181
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 19653057
ASA does not do load balancing. It will do failover routing only.
Your best bet may be to get a purpose-built product like fatpipes superstream
http://www.fatpipeinc.com/superstream/index.html
You cannot achieve true load-balancing with the 1721. You can get some load-sharing at best and double-natting makes for some tough challenges.
0
 

Author Comment

by:secure181
ID: 19666870
Let's say that i didn't want to load balance, and i just wanted to be able to have two isp links coming into the ASA 5520 and using NAT to translate to different hosts behind the server, but when the packet leaves it has to go out the same interface that it came in on.. is that possible?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 19666957
Yes, because only one outside interface is going to be forwarding at any one time.
Reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
0
 

Expert Comment

by:LAServices
ID: 24240432
The ASA can do Load Balancing, you simply enter up to 3 Defaul Routes to different ISPs and it will load balance them in a round robin fashion!
The problem here is with the requirement that certain IP traffic that comes in ISP A needs to go back out ISP A, and vice-versa.

If you knew of certain IP Ranges that were used by the relevant ISPs you could possibly do some form of Policy Based Routing, but I think this is going to be too much trouble as you will not be able to definitively say which subnets come in which from which ISP. If you can then it should be achievable!
0
 
LVL 1

Expert Comment

by:jbrumbel
ID: 24396486
yeah, but can't you use multiple contexts on the ASA to achieve dual ISP load balancing?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question