Cisco Firewall :: 5510 Load Balance For Internet VPN Traffic
Jun 28, 2011
We are now using an ASA 5510 firewall and we would like to configure internet load balancing for traffic in our environment. For example, some IP addresses go through the local gateway for internet routing but some addresses go through the VPN tunnel gateway.
Oct 29, 2011
ISP environment with 3 Cisco 7200 BRAS (NPE-G2). We need to load balance traffic between two of them, so the load balancer will accept traffic from the backhauling link and distribute traffic to the upper two BRAS. Can we achieve this using a spare 7200 we have, or is there any software solution that can do this?
Another question: does the Cisco 7200 VXR (NPE-G2) support concurrent calls or sessions from more than 16000 subscribers?
Oct 31, 2011
We have a 2mb MPLS network between three sites. Each site also has its own internet connection for hosting a webserver and for internal users to access the internet. Each site has a few internal subnets. Each site currently has a 2800 series ISR.
1) Increase Internet connection to 10mbps and configure site-to-site VPNs in a mesh configuration so that each site has a VPN to each other site. This would create six VPN tunnels.
2) Configure so that only Exchange and VoIP traffic use the MPLS network under normal conditions. All other traffic (backup/misc apps) should be routed to use the Internet VPNs. If the MPLS fails, of course we would like the Exchange and VoIP traffic to fail over to the VPN connections as well until the MPLS comes back up.
May 6, 2012
I am having a problem load balancing traffic over two WAN links connecting our 2 Cisco 7600 routers, as I just learned that the 7600 does not support per-packet load sharing, only per-destination, and per our monitoring tools one link is underutilized and the other is overutilized.
Mar 4, 2011
I have two ISP circuits and the following devices in hand:
1. Cisco ASA 5510
2. Cisco 2800 router
3. Cisco 3750 switch
I've finished a part of the configs on the above equipment; please refer to the attached diagram. And I'm making a test in order to achieve the below features:
1. By default, packets from PC1 go out through ISP 1. Packets from PC2 go out through ISP 2.
2. When ISP 1 is down, packets from PC1 change their way to ISP 2 through the 2800 router. And when ISP 2 is down, packets from PC2 change their way to ISP 1 through the ASA 5510.
Apr 24, 2013
We want to use an ISA570 and load balance between two ISP connections. Two of our switches will be standalone and not connected to one another. One switch will be for data and another for VOIP/Data. The ISA will also do NAT, and we need to make sure that the VOIP network can get out to the first ISP. I assume we will need a static route for that to make sure it goes out the right ISP. I just don't know if routing mode needs to be enabled in order to specify a static route, because I heard you can't have NAT and do routing mode at the same time.
Mar 22, 2012
I am using two internet connections; if one fails, I want the other to connect automatically. Is there any hardware?
Jan 9, 2010
What are you doing to load balance internet traffic? I'm interested in load balancing internet traffic (outbound -AND- INBOUND) using multiple (at least 2) ISPs. Some of the methods I have used in the past have certain weaknesses: basic DNS load balancer (relies on multiple IP addresses per host), OER/PFR (ability to control INbound is limited unless complex configuration and cooperation with ISPs)... This is kind of a broad, open-ended question. It seems like something that would be a common issue, and I am wondering what others are doing with the capabilities of 2800, 2900, 3800, 3900 series routers.
Apr 6, 2013
Configure a router 1812 as failover: I walk with a fixed IP internet link in Fe0 (need to determine the MAC) and a dynamic IP link in FE1, other ports with a single VLAN DHCP 172.20.16.1.
I managed to do DHCP, connect to the internet, and make NAT VLAN. But I could not do failover or load balancing either.
Oct 17, 2012
I’m looking for some notes from the field guidance here from those that have much more deployment experience.
I have a GSS and an ACE, and it's the ACE that's primarily giving me something to think about, in terms of placement and what mode to adopt.
The traffic flow will look loosely like this:-
Client---Internet---Firewall---GSS---ACE---Servers
Physically, it's like this. The RED line denotes a boundary, and pretty much anything North of that is not accessible to us, we simply have a L3 trunk between our switches and "their" switches (S3/S4) and talk using EIGRP.
There are other servers in the top tier, some that also require load balancing, some that don’t. Typically, I want to load balance HTTPS requests from the internet, to one of the 3 servers in the top half.
I’m not sure what mode to select: routed, one arm? What about placement of the ACE? At the moment, I’ve just configured 1/1 on it and made it part of the MGMT VLAN; its SVI exists on the S1/S2 switches, so I’m open to change as it's still all in the lab.
Nov 30, 2012
I have been at this for the past few hours now. I just cannot get this device to pass through traffic to the internet. Here is the basic topology:
Default Gateway (ISP): 208.118.125.129/29
IP of outside int (e0/0): 208.118.125.130/29
ip of inside int (e0/1): 10.1.1.1/24
igniteCSGfw(config)# sho run
: Saved
:
ASA Version 8.0(4)
[Code].....
Apr 20, 2011
We are using an ASA 5510 as our gateway to our ISP. All of our VOIP traffic is sent to an Internet SIP provider for our outbound calls. Our pipe to the Internet is 100Mbps metro ethernet. I am trying to find a way to provide QoS for this traffic so that I can reserve 20Mbps of the available 100Mbps pipe for VOIP traffic. From what I've been able to figure out so far, I would use a combination of priority queues and traffic policing. However, it seems that this is nearly impossible to accomplish because I cannot control the remote device that my ASA connects to, because it is the ISP device. I could police traffic on the inside interface of the ASA. However, let's say that a client on our network starts downloading from an Internet host and the downloaded traffic saturates my Internet connection. I could police this incoming (from the Internet) traffic on my outside interface of the firewall. This would drop the packets, but the bandwidth would have already been used by the time it reaches my firewall. Would the fact that I'm policing incoming traffic on my outside interface cause the sender to throttle down their transmit rate because packets are being dropped? Would this achieve my goal of guaranteeing available bandwidth for my VOIP traffic by not allowing other traffic to saturate the link? Most documents I find regarding this topic describe providing QoS for VOIP traffic traversing a VPN connection, in which case you could configure both end devices.
May 17, 2011
We have a Cisco ASA 5510 256RAM running 8.2.4 with CSC 6.3.1172.4. It slows down internet traffic drastically. When we do a speed test, we get something like this, If the computer is bypassing the CSC, it gets This was done when there's very low traffic on the LAN and CPU usage is low on the CSC. The CSC has been re-imaged also, but that still doesn't solve the problem.
Jan 15, 2013
I need to route to subnets from 2 different ASA interfaces. The ASA also has an outside interface that works as the gateway for internet access. Here is my configuration:
ASA Version 8.2(1)
hostname ICE3
names
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 201.199.xxx.xx 255.255.255.248
[Code]....
Aug 25, 2011
What we are trying to accomplish here is to use two ISPs (one cable and one T1): use the cable line for site-to-site VPN and use the T1 line for all internet traffic. We currently use the following configuration: Cisco 2820 routers terminating the T1 -> HP switch -> Cisco ASA 5510 port 0 -> port 1 to LAN switch (Nortel 5510). We want to force all VPN traffic (using 10.0.0.0/24 subnets - 10.0.1.0, 10.0.2.0, etc.) through a cable connection, perhaps on port 2 of the ASA; then all non-VPN traffic goes to the T1.
May 29, 2012
I am having an issue when implementing an additional internet connection on our ASA 5510. The new connection is "TWCOutside". It was my understanding that static NAT would force our externally hosted servers (Email, PPTP VPN, and FTP) to continue to utilize the "ATTOutside" connection. Our remote site-to-site VPN traffic has two static routes configured to force it to continue to use the ATTOutside connection. When I switch the metric on the 0.0.0.0 0.0.0.0 98.103.148.145 route to 1, and change out default dynamic xlate to use "TWCOutside", it "mostly" works as expected. Email, the PPTP VPN server, and our remote site-to-site VPN server continue to use the ATTOutside connection as designed. Our end users begin using the new connection for their internet browsing.
However, our FTP server, in the DMZ, completely loses outside access. It cannot ping 8.8.8.8 or resolve DNS queries. There is a static NAT statement for this server, as it is using one of our dedicated public IP addresses. I need it to continue to do so for the next few weeks. Effectively, we just want to give our end users internet browsing on the new TWC link, but leave everything else on the old ATT link for the time being. The only problem I am having is the DMZ connection. I am currently "rolled back", so no one is using the new connection until I figure this out. I can easily switch the metric and dynamic PAT back to using the TWC connection, but I need to have some things to try with the DMZ before doing so. [code]
Aug 6, 2012
What is the best way to load balance traffic between an FWSM and ASA 5520? Both are attached to a 6509-E (in separate VLANs). The problem is the FWSM doesn't support any dynamic routing protocols (in multi context mode). So with my limited knowledge I don't see a way to do this.
May 20, 2012
Is it possible to configure load balancing with three interfaces on my router with the following features? I have three ISPs and would like to balance the traffic ...
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FTX1613AH8D
3 Gigabit Ethernet interfaces
1 terminal line
2 Channelized (E1 or T1)/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
[code]....
Aug 3, 2011
I am using 192.168.1.1 as the database server in the head office. My branch users number more than 500. All users hit 192.168.1.1 for the database. Now I want to NAT with application servers 192.168.1.50 and 192.168.1.51 with load balancing, as some users hit 192.168.1.1 from the branch but traffic goes to 192.168.1.50, and some users' traffic goes to 192.168.1.51.
I want to do it on my core router (Cisco 3845) in the head office. How do I do these two things?
Feb 6, 2013
So I can fail over my NAT and IPSEC VPN (DPD). I am curious can I load balance my WAN links too?
I have a route map that is used for fail over, I just can't quite think how I would load balance the links
ip nat inside source route-map 10mb interface GigabitEthernet0/1 overload
ip nat inside source route-map efm interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 213.38.xx.xx
ip route 0.0.0.0 0.0.0.0 46.226.xx.xx 10
access-list 175 deny ip 172.16.20.0 0.0.0.255 172.31.114.0 0.0.0.255
[code]....
Apr 22, 2011
We configured SA520 load balancing with 2 ISPs, 2mb+2mb. How do we check the status of the load balance on the SA 520?
Jun 6, 2011
I have a problem with VPN and Load Balance at the same time. VPN (Gateway to Gateway) between two RV042 routers is working fine with only one WAN or two WANs with Smart Link Backup. If I switch to Load Balance, communication through VPN is almost impossible.
I have a postgres server (port 5432) in the first location and clients in another. Clients cannot connect to the server or lose connection after a while. This is an example, but every communication except ICMP over VPN with Load Balance enabled is faulty (file sharing, RDP...). Everything works fine using public IP and port forwarding or VPN with only one WAN.
If I understand it correctly, Protocol Binding should affect only "normal" communication (outside of VPN), but it looks like VPN communication is also divided between WAN1 and WAN2. Of course this cannot work this way because VPN works only with one WAN.
Another question - is it possible to bind communication TO a selected target port with RV042 Load Balancing to a selected WAN?
Jul 26, 2012
I would like to know what license is necessary to employ load balancing on a 2911 router. I have the licenses below; can I configure load balancing? In this scenario we have two links with an ISP.
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)
Cisco CISCO2911/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FTX1613AH8D
1 FastEthernet interface
3 Gigabit Ethernet interfaces
1 terminal line
2 Channelized (E1 or T1)/PRI ports(code)
Nov 1, 2011
We have a Dlink Lb 604 router. We have two WAN connections. Connection 1 has a speed up to 8 Mbps. Connection 2 has a speed of 1 Mbps. We set the load balance to 50-50. When we tested the speed with two lines it is showing 1 Mbps only. When working with connection 1 we are getting speed up to 6 Mbps.
Aug 30, 2011
I have a D-Link DSL 2640B on the way which I plan on using to replace my 2Wire modem. The 2640B is a combination of a modem/wireless device. Does it dynamically load balance the internet connection? Sometimes while I'm playing online games on my PC and a few others are using the internet for browsing or Youtube, I lag A LOT. Latency shoots up from 10 to 200. QoS goes to ****. And I only need 0.50-1Mbps to keep a steady online play. This was the problem with my 2Wire. So does the 2640B load balance the bandwidth? Our max speed is 3.5Mbps according to the ATT Rep.
Jan 10, 2012
I need to know how many links I can use with load balancing on the same router. I have a Cisco 2901 router and 3 providers, every provider having 4 links. Can I load balance between 12 links? I am using static routes.
Jul 17, 2011
What is the load balance method of a 3750 port channel (by source IP, or by source MAC) to divert traffic to paths? I have tried to use 10.242.104.101 and 10.242.104.102 as source IP; it will travel to the same link (G0/1) within one port channel (G0/1+G0/2). However, if I later use 10.242.104.109, then this time the traffic goes to the G0/2 link. What's the concept behind it?
Jun 30, 2012
I want to split my traffic between two ISPs. I want all traffic to pass over one connection EXCEPT my VPN tunnels, which I want to use the second ISP. How should I set up (protocol binding?) to accomplish this? (I have run into various problems trying to load balance all traffic. So I am trying to "partition" traffic.)
Apr 16, 2012
I have set up an RV042 v1 and v3, both in Load Balancing mode. Set in Router mode. I want one of the WAN ports to be preferred, so I added a static route to 0.0.0.0 metric 5 to that WAN. Sometimes the route shows in the routing table and sometimes it goes away!!
Feb 15, 2012
I have several RV16 with two internet connections each, but with a different speed on each WAN connection. It always takes the slowest WAN connection. I use the round robin option; any clue on configuring?
Aug 1, 2012
--- I have 2 WLC's 5500 that I have to set up on my network with the same configuration except I am not sure that they can be load balanced.
-- My only thought is to take a full class C and on each WLC set up a /25, thus each device can provision 120 IP's
--- This seems a bit archaic, but is there anything else smarter to do? Can they be load balanced?
Oct 16, 2011
How to load balance two/three ISPs using ACE?
What might be the default gateway? Can I create a serverfarm with two rservers with different subnets?
Mar 16, 2013
I configured an RV042 to load balance 2 WANs. It appears to be working well, but I would like a 2nd opinion as to whether or not I chose the proper settings to accomplish the task.
1. WAN1 (ISP1) is the existing internet connection (1.5mb T1). I have a block of static IPs with ISP1.
2. I added ISP2 to the RV042's WAN2 connection to increase bandwidth (10mb). I only have one static IP on ISP2.
3. I want everyone on this router to use WAN2... well... almost everyone... for the most part.
4. I want to keep WAN1 active on this router because there will be periodic inbound connections using static IPs (from ISP1) that are setup with one-to-one NAT. I also have a voicemail system that needs to continue to use ISP1's email relay (SMTP,25).
Anyway, I was able get the outgoing traffic that had to remain on WAN1 working with protocol binding. In order to get the router to use WAN2 for pretty much everything else, I set it for load balancing and set "Max. Bandwidth provided by ISP" for WAN1 up & down kbits/sec both to 32 (very low). I left the WAN2 up & down settings to the actual speed of WAN2.
The result is very low traffic on WAN1 and lots of traffic on WAN2, which is what I wanted. Did I do this right? Is there another preferred method to accomplish this?