Cisco Firewall :: ASA 5545X And Two ISP Load Balancing
Mar 2, 2013
I have two Internet connections which are connected to two ISR 2951s. Also I have two ASAs 5545-Xs, which I want to use in Active/Active failover mode with multicontext. The question is: how can I configure ASAs to perform ISP load-balancing as well?
Nov 15, 2011
We have an ASA 5540 running 8.4(1) on the inside of dual Internet-facing border routers. The routers run BGP facing out and EIGRP facing in, with the ASA also running EIGRP for the same AS. Both routers redistribute a default route into EIGRP. It was my understanding and expectation that the ASA would learn both of these, as they are equal cost, and load-balance the outbound traffic over the two links. This does not appear to be the case.
The routers both have:
router eigrp 100
network nn.nn.nn.nn 0.0.0.0
redistribute static
[Code].....
Sep 26, 2011
We use Cisco ASA 5520 (in HA configuration) connected to Cisco Switch 3750, ISP connection (25 Mbps) is straight to cisco 3750 switch. Since Internet traffic is now high, a second ISP will be added. Our plan is to do Internet Link Load Balancing. My understanding is that AS5520 cannot do balancing. What appliance do you think I can use to accomplish the link balance? Also, take into consideration that our current ASA is also our VPN server and there are two DMZ zones.
Feb 21, 2012
We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.
The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3
These IPs are going to be NATted to all inside IPs.
Let's say our outside IP is X.X.X.X
This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary. When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.
Nov 15, 2012
Do you know how to configure PAT on Cisco ASA 5545x?
Feb 11, 2013
Due to increase of demands on our ASA cluster, we need to upgrade to a new cluster of 5545x. Our current config contains a lot of S2S & NAT
Jan 21, 2013
I have two switches and two ASA in active/standby as connected below. These devices are running OSPF 128 in one area (Area 0). I'm pinging from both laptops to each other both ways. The ASA has the latest "8.6.1-5" image. I've configured the firewall failover polltime to 1s with holdtime of 4s. Pings both ways OK.
<LAPTOP> IP:10.112.132.10/24
| [ACCESS PORT VLAN10]
/ <SWITCH> [SVI VLAN10: IP:10.112.132.1/24]
/ [SVI VLAN20: IP:10.113.128.11/28]
.12 / [ACCESS PORT VLAN20] .13
[code]....
I fail the primary firewall (ASA-ACTIVE). I get a 4-second ping loss, which is expected (holdtime); however, after 10 seconds of pings I get another outage which lasts anywhere between 5 and 15 seconds. I've done a fair amount of debugging and I did notice that the second outage occurs when the OSPF neighbor goes from "loading" to "full". This doesn't make any sense because the routing table is fully populated when going to "full".
When performing a manual fail back (type failover active on ASA-ACTIVE), pings go on for approximately 10 seconds and then there is an outage of between 5 and 15 seconds. Again this outage occurs when the OSPF neighbor goes from "loading" to "full". I've tried debugging on the switches and found nothing.
Nov 21, 2012
Do you know how to create a static nat from outside to inside and using services, this is a firewall 5545x
Nov 30, 2011
I'm trying to accomplish the following: I want to transport a bunch of VLANs from a layer 2 etherchannel over a pair of layer 3 connections, using L3 to load balance. I was considering a few options:
1) bridging + GRE (not applicable since I can't bridge 2 interfaces belonging to an etherchannel to a tunnel)
2) L2TP: is it possible to accomplish this with the above technology? Any reference, configuration example?
3) AoMPLS: is it possible to accomplish this with the above technology? Any reference, configuration example?
I can't modify the topology; the routers used are ASR1001. It is mandatory that both sites have a layer 2 connection between them.
Dec 9, 2010
I have a Cisco 2811 router with two HWIC-ADSL cards configured for DSL connection. I have two lines from the same ISP and I am load balancing between them. I have created a couple of SLAs to check the state of the connections and add to the routing table the two default routes if both are up or any one of them is up. My problem is that when I try to download big files (especially antivirus updates) the download at some point stops (especially the antivirus exits with an error of unreachability). If I shut down one line everything works fine. Could I use something (configuration-wise) to prevent this problem from happening? Is there any way I can combine the two lines? They are simple ADSL connections with static IPs.
Jun 25, 2012
One of our customers just purchased an ASR1002 router. They have three internet links from different ISPs and they don't have any remote site; they have three different public IP pools from their respective ISPs. So, is it possible to load balance the internet traffic using all three links on a Cisco ASR router (IOS - Advance Enterprise Services)?
Jun 10, 2012
I need to configure DSL Load Balancing on Core Cisco Switch 4506-E. I have a Router Cisco 2811 with 2GE Ports and a Firewall Cisco ASA5505. I have 8 Physical DSL Connections with 1Mb each. I need to combine that 8 Mb on Core Switch and allow each end user to access the Internet via the available DSL connection which means that every user has 8 Mb available.
Sep 13, 2011
We have an ASA5520 pair that we will be installing to load balance SSLVPN connections. Below is a portion of our configs pertaining to the VPN load-balancing feature (configured on both ASAs): My specific question is related to routing of return traffic to load-balanced VPN sessions. Is there some kind of persistence function that tells the return traffic which ASA to route back to? For instance, if ASA1 has a VPN connection having IP address 10.211.112.1 associated to it, and ASA2 has a VPN connection having IP address 10.211.112.100, how does the return traffic for each connection know which ASA to route back to?
Sep 13, 2011
Currently we have deployed a site-to-site VPN between 2 ASA 5510 models. One is the corporate site and one is the remote site. Now we plan to use a Radware load balancer on which 2 ISPs will terminate. Now, if at the remote site we create only 1 IPsec tunnel and mention a single ISP peering, and one ISP fails at corporate, how will the remote site be accessed by site-to-site VPN through the 2 ISPs? What do we need to do on the ASA as well as the load balancer at both ends?
May 23, 2011
I have 2 rservers 10.30.1.73, 10.30.1.76. I have 3 URLs in both
[URL]
I want to have only one link for two same link in both servers with this ip address 10.30.1.172 so I will have 3 link and will load balance to 6 links
[URL]
Apr 18, 2012
I have one 2811 router with 2 nos of HWIC-1FE card, and I also have two MPLS connections [code] How can I configure it with MPLS load balancing?
Apr 8, 2011
What is the best and easiest way to check the kind of load balancing on the routers using BGP (Border Gateway Protocol)?
Mar 1, 2011
We have a Cisco CSS 11501 connected in one-arm mode. Currently there are 4 sources sending traffic and 3 servers to receive the requests. We are using Advance-balancing with Source IP, so the ratio becomes 2:1:1 or 1:2:1 or 1:1:2. But our target is to do the load balancing in equal ratio.
Feb 22, 2012
this router (RV016v3, Firmware: v4.1.1.01-sp (Dec 6 2011 20:03:18)) in regards to it not properly directing UDP packets out of the right WAN, as per the settings stored in Protocol Binding section of [System Management, Multi-WAN]. I use the section to direct all traffic from desktop computers (192.168.5.100 ~ 192.168.5.199) through WAN4, and all VoIP related traffic (192.168.5.200 ~ 192.168.5.239) through WAN2 (PPPoE). Everything seems to be working well except for some of the UDP traffic from 192.168.5.200 which is seen in the log going out of WAN4 instead of WAN2. I have even created a new entry for [UDP/5060~5060]->192.168.5.200~192.168.5.200(0.0.0.0~255.255.255.255)WAN2, and placed it at the very top of the list. Here are a few lines that I've observed in the log: (Refreshed the registration of two SIP Trunks configured in our PBX)
Feb 23 18:11:47 2012 Connection Accepted UDP 192.168.5.200:5060->184.72.227.214:5060 on eth4
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->50.56.59.168:5060 on ppp2
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->184.72.227.214:5060 on eth4
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->50.56.59.168:5060 on ppp2
There are no static routes configured, so I'm baffled by what could cause some of the UDP packets to go through the wrong WAN. All TCP traffic from 192.168.5.200 is seen going through WAN2 as it should.
Feb 3, 2013
I want to load balance my Internet traffic between two ASR 1001 routers that are connected to our core switches. Both routers are connected to the same ISP (Comcast) going to the same BGP AS on different /30 subnets. Is there a way for me to load balance my Internet traffic using both connections with BGP rather than having one of these connections sitting idle? If not, the only solution I see is to configure my layer 3 devices to split internet traffic between both routers (i.e. default routes with same AD).
Feb 24, 2011
We have a network topology like 2821 router with MPLS link and 881 Router with DSL Connection(DMVPN).
MPLS Link runs in BGP
DSL Connection runs in EIGRP.
So the existing scenario is like this: whenever the MPLS link goes down, traffic will be moved to the DSL connection, and once it comes up again it will be moved back to DSL; we are doing this using HSRP. In this case, most of the time my DSL connection will be in standby mode. Now my management has decided to use both links in active state and wants to do some load balancing between the links; some specific traffic like Internet, WSUS updates, and antivirus updates needs to go through the DSL connection even when the MPLS is up and running.
Apr 6, 2012
I have an RV042 router with two internet connections. I have set up WAN1 and WAN2 and set the load balance mode. Surfing on the internet is then not a problem and I checked that I was using the two internet connections. However, if I try to connect to my corporate Outlook Web Access (OWA), I am looping on the first page where I should provide my credentials. I know that most load balancers can be set up with a sticky bit to keep the session on the same WAN connection.
Dec 5, 2011
Does loadbalancing ldap services in ACE? Both port 389 and 636.
Jul 5, 2011
confirm is Per packet load balancing is supported in the 3560's ?
I am going around in circles, and can't find a definite Y or N answer.
I have a suspicion this CEF feature is only available on routers.
Nov 21, 2012
I came up with a few ideas to Load Balance based on multiple ISPs. In our network setup we have a distribution layer of 3750s going to an ASR 1000 Series Router, which goes out to multiple ISPs, ISP1 and ISP2.
We also have a virtual Fortinet appliance behind the 3750. If I say all traffic going to 0 - 126 go to ISP1, and 128 - 254 go to ISP2, and then obviously whatever NATd IP the customer has (ISP1 or ISP2), the return traffic will have to go to that specific IP. The traffic will all go back to the virtual Fortinet on the same interface, so I would assume I would be safe with uPF. I don't know of any ways to load balance based on Link Optimization, without implementing a load balancer?
Nov 28, 2012
I have a Cisco 1941 router with an HWIC-4EWS card. We have two ISPs; how to configure the load balancing?
Nov 8, 2011
SIP load balancing issue with ACE 4710? I have a Cisco ACE 4710 with version A4(2.2). I configured simple SIP load balancing first without stickiness. Without stickiness we are having a problem because bye packet at the was not going to the same server all the time, which left our port in use even though the user hung up the phone. It happens randomly. I have a total of 20 licensed ports and they fill up very quickly. So I decided to use stickiness with Call-ID, but still the same issue. Below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
[code].....
Mar 7, 2013
I bought one of these. I am very disappointed by the management interface, which is very limited/restrictive. I completely agree with Antonio here. In my case, most of my traffic is HTTPS, so binding HTTPS ports to a given WAN port makes the load balancing completely useless!! I also hope there will be a software update including the possibility to keep the session on the same WAN connection.
Jul 25, 2011
We have two asa5520 configured as primary and standby unit in fail over configuration, and all is working properly. Is it possible, with this configuration (fail over), to configure vpn load balancing/clustering?
Apr 26, 2011
I have a problem with the ACE 20 load balance
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20. When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to [URL], whenever we click on this link, the request is directed to [URL] i.e homepage
2) URL redirection does not work. We have some links which have a url forwarding or redirection, for example when we open [URL] it forwards the requests to [URL] opendocument....., but this redirection fails and again the request is thrown to homepage i.e., [URL]
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
Below is the ACE details.
Hardware Product Number: ACE20-MOD-K9 Card Index: 207 Hardware Rev: 2.3 Feature Bits: 0000 0002 Slot No. : 7 Type: ACE
Software loader: Version 12.2[120] system: Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/auto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4] system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin installed license: ACE-SEC-LIC-K9
Aug 29, 2011
We have an ASA5510 with two ADSL lines connected and the auto fail-over set up - this is all tested and if the main line fails, the backup line is used in its place - no problem there.
However, I'd like to increase our connection speed, and one way I've done this in the past is to add a couple of extra ADSL lines to a router that is capable of load balancing.
I'm aware that the ASA5510 does not load balance (seems a waste as we've got the backup line just sitting there doing nothing!), but would it be feasible to add another router in front of the ASA device to perform this load balancing function?
Oct 26, 2011
I'm running an ACE 4700 appliance, i have a 4 server serverfarm setup, non-ssl, with leastconns predictor...i have tried round robin as well, and nothing...
I've taken each rserver out of service, and placed back in, and still, the traffic is handed off only to 1 server...
I do have sticky persistence (IP subnet)...
Dec 19, 2011
I'm working with a friend on a project. The setup in place is on a yacht that has 4 V-Sats and they are wanting to load balance across all four of these links via a Cisco 2911. My recommendation to him was to just create 4 static default routes to each V-SAT's IP address.
Would this accomplish the goal of load balancing? My concern is that would it actually load balance amongst the 4 links or just choose one and then move other to another link once the initial primary went down? Also would enabling CEF be an option if its a feature the 2911 can do? I've attached the visio to give a better idea.