• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 654

Load Balancing in EasyVPN


Hi,
I have a scenario where I need to create EasyVPN client load balancing with a Cisco ASA 5505 and 2 ADSL modems.
Scenario:
A Cisco ASA 5510 FW is kept as the EasyVPN server in the head office. There are two other sites; there, Cisco ASA 5505 FWs are kept as VPN clients.
Now in each site I need to add an extra ADSL modem with a new line, i.e. there will be one FW and two internet lines. How can I balance the load of VPN traffic across these two lines by dividing users (IPs) into two IP pools?

There will not be any change in the head office. Only one internet line will be used.

Please advise…
ashraf2002
Asked:
1 Solution
 
lrmoore Commented:
You cannot do it. The ASA will not load-balance over dual ISP lines, and only one VPN tunnel will be established. You can do redundant, failover VPN, but not load-balancing.
 
ashraf2002 (Author) Commented:
OK, that's fine.

Since the FW is in routed mode, can I use 2 interfaces as outside (let's say outside1 and outside2), then create a VPN tunnel on each?

Now let's forget about load balancing. Instead we will classify the users into two groups (IP pools) and each will be routed to the outside interfaces, e.g. group A will take the outside1 path and group B will take the outside2 path.

Is it possible to configure it like this?
 
lrmoore Commented:
No. There is only 1 default route and you must select Path 1 or 2 for the default.
You can create multiple site-site VPN tunnels using static routes to the endpoints, but you cannot route to the same remote network over multiple routes.
What you describe is similar to Source-based or Policy-based routing and the ASA is simply not capable of this feature.
 
ashraf2002 (Author) Commented:
OK, so what would you recommend for this scenario?
 
ashraf2002 (Author) Commented:
Should I have a separate FW for each line? Or is it possible with contexts?
 
ashraf2002 (Author) Commented:
It was good...