Cisco WAN :: WAN / Dual ISPs - Can ASA 5505 Do Load Balancing As Well
Jan 24, 2010
I want to link ASA 5505 to two ISP's for backup purpsose. I can see this configuration example here url...
Question - does the ASA 5505 do load balancing as well for both connections - is there an example somewhere? (I do not want to buy two ASA 5505's!) which seems the only way I could find configuration details for!
Friend of mine has a setup out in the sticks, currently with two ISPs: Hughesnet satellite, and a line-of-sight WiFi provider; they're also getting a cel tower within range soon and he's looking at adding an HSPA/LTE connection via that as well.the first gives him a static IP and ridiculous speed and bandwidth at night... but far less speed and a painfully low bandwidth cap during the day (you go over, you pay through the nose).
The second gives lots of bandwidth but poor speeds (difficult to even watch a YouTube video) and a constantly-changing dynamic IP.The third, once implemented, will give him good speeds and decent bandwidth (I believe up to 10GB/mo) but again, will get spendy if he goes over that limit.Right now, I've got him set up with both routers plugged into the same network, multi-homed the NICs on his machines (192.168.0.* for Hughes, 192.168.1.* for LOS) and a little script on each computer that will change the default gateway to let him select which ISP he wants to use... however, it's going to get trickier with a third, and will make it even tougher to keep track of the bandwidth used on each one... especially with multiple computers, a DVR, and two users.
So I'm looking for some way to automate all this... something that will, say, use the HSPA feed most of the time for his whole home network, switch to LOS if it gets near the cap, and switch everything over to the satellite automatically during "unlimited" hours. Again, I'm not opposed to setting up something PC-based with the appropriate software, although for my own sanity, it would really need to be Windows-based (I'm way below n00b with Linux).
We've got a 1841 router with dual-WAN connection, one is Cable and it goes to Fa0/0, another one is ADSL2+ and it goes to WIC-ADSL card.I'm trying to configure a load-balancing and failover using per-packet or per-destination connection.I can configure "ip sla" for both connections pinging 2 different DNS IPs of 2 ISPs. But I can't configure command "track 1 rtr 1 reachability" and "track 2 rtr 2 reachability". There is no "rtr" allowed to type there. And all examples shows that command for load-balancing. What command to use for that or why I cannot use the above command?
I have a Cisco 1841 router connected to two different lines (same ISP) and I would like to load balance between them. I think I have achieved this point, but the problem is that remote VPNs do not work (only from Dialer1).This is my diagram:
We have deploy a Cisco ISR 2921 to connect two ISP for internet access, Link 1 is fix public IP, link 2 is xDSL.And we configure dual link load-balance, the configure just like the famous DOC "[URL]" name:"dual internet links NATing with PBR and IP SLA". Inside network to internet is ok, and traffic was load-balance, Dual link can be redundancy. But there has some issue we don't realize.Most people interesting how the inside traffic load-balance outside, but ignore the traffic from outside issue.
I have an ASA 5505 current f/w & the security plus license (to get the 3 nameif interfaces). Can I split traffic between two ISPs, (VPN traffic to one destination on a T-1 on one VLAN, and all other traffic using DSL to another VLAN) and using a different nat policy on both? I know load balacing isn't supported, only failover. I was just wondering if there was a way to make this work.
We got 2 ISPs -------> two ASA 5520 Primary / secondary --------> LAN . ASA is configured with ACL and Static NAT for our mail , web & ftp servers .
My question is how to configure the 2nd ISP on the ASA to auto switch to the 2nd ISP when the 1st is down with a backup static NAT and backup ACL for the new ISP , in other words how to configure a active static NAT and Backup Static NAT and ACL only for Exchange/Mail Server.Here is the example of our configuration where PIE is Primary ISP & EMC is Backup ISP.
I inherited a network redesign project mid implementation and ran across an issue that I was not 100% sure able to be resolved. Implementation is occurring in which the organization is changing over to a different ISP and we have some customers that will not be able to change their settings over to our new addresses from some time. I have seen a lot of posts about fail over and dual ISP configurations, but I could not relate them to this particular scenario.
what you're doing to load balanace internet traffic? I'm interested in load balancing internet traffic (outbound -AND- INBOUND) using multiple (at least 2) ISPs. Some of the methods I have used in the past have certain weaknesses.. basic DNS load balancer (relies on multiple IP addresses per host), OER/PFR (ability to control INbound is limited unless complex configuration and coopearation with ISPs)... This is kind of a broad open ended question.. It seems like something that would be a common issue and am wondering what other are doing with the capabilities 2800, 2900, 3800, 3900 series routers..
I am in the process of configuring a ASA 5510 to replace an older PIX. This change is part of migrating to a new ISP, so the process is complicated by the existence of two outside interfaces. I have virtually everything working, but there is a requirement to be able to access hosts from the internal networks using both their private IPs and their public IPs. The older PIX took care of this silently with little configuration, but the ASA has me twisted on the details. Some of the hosts with public IPs are on the internal network and some are on a DMZ (not my design, inherited). For the internal ones I implemented hairpinning to take care of the requirement, but I am having trouble with the DMZ based hosts.. Since there are two external interfaces each internal host has two IPs and two static NAT rules to handle incoming traffic from each external interface.
The routins and dynamic NAT entries we have in place take care of accessing the hosts using their private IPs on the DMZ, but I cannot figure out how to get the public IPs to work from the internal network. It seems like a simple Static D-Nat shoudl do it, but when I add a Static D-Nat on the DMZ the public IP works, but the private IP breaks.. Is there a way to get them both to operate ?
Network layout looks like this (IP ranges altered):
DMZ 22.214.171.124.0 Class C INTERNAL 10.0.0.0 Class C Outside 126.96.36.199 Class C Outside2 188.8.131.52 Class C
After applying it I could access the public IP (184.108.40.206) from the internal network, but I could no longer access the DMZ IP (220.127.116.11) from the internal network. Is there any way to get this configuration to allow access to both IPs from the internal network ?
The problem here is that there are website links based on the public IP and the DNS is split so DNS returns the internal IP to users. As a result both need to be accessible from the internal network.. Not my favorite design, but the client (or in this case the boss) is always right so I need to get it working somehow.
Looking to have an ASA5510 with two internet feeds. Moreover, I would like to have my static nat translations continue to work on the backup feed. I have outbound nat working, however I cannot get the inbound nat to work. I had this all figured out in 7.x but now with 8.x I cannot seem to get it working. If anyone has a 8.x example config.
i have two public IPs on ASA5510 + Remote Access VPN Client, what i want to achieve is, i want VPN client users to be able to login using any of the two ISP's IP to remote connection to the ASA. what is the command to use to achieve this.
Secondly, i have setup the primary link VPN through ASDM but thinking i should do the same thing and add the "backup" interface.
I am setting up an ASA550 ver 7.2(3) - does this need upgrading?I have my ISP interfaces setup as primary and backup I have a static route pointing out:route primary 0.0.0.0 0.0.0.0 18.104.22.168 1 Question:Do I put the next static route to be route secondary 0.0.0.0 0.0.0.0 22.214.171.124 254 Will this set a high metric on the secondary route that will only take effect if the primary route is down? I assume I will need to have 2 sets of NAT rules to accommodate the dual ISP's
I need to know how to setup my ASA with dual wan links. 1 is 10/10 fiber, other will be a 50/5 Cable Wideband link. The 10/10 fiber is currnetly being used for VPN's and Internet, (about 20 point to point IPSEC vpn's currently).
I want to add the Wideband link and use the "Tunneled (Default gateway for VPN traffic)", feature for the current fiber link and the new Wideband link for any other internet traffice. I tried this however as soon as I set my fiber link to "Tunneled (Default gateway for VPN traffic), I lost all connectivity.
I also setup my "VPN" link with the "tunneled" option and my "INTERNET" link with a default route to the internet. This would only let me ping internet sites from the ASA device but not from client computers, also the VPN's would not come backup.
I have tried the sla setting with a DSL line for failover and that works good, i've since got rid of the DSL and want to utilize 2 wan links for different purposes/traffic.
ASA 5510, SSM-10 1GB RAM ASA version 8.4(1) ASDM Version 6.4(3) Context Mode Single FW Mode Routed License Security Plus
I have a Cisco 2811 router with two HWIC-ADSL cards configured for dsl connection. I have two lines from the same ISP and i am load balancing between them. I have created a couple of SLA's to check the state of the connections and add to the routing table the two default routes if both are up or any one of them is up.My problem is that when i try to download big files (especially antivirus updates) the download at some point stops (especially the antivirus exits with an error of unreachability). If i shut down one line everything works fine.Could i use something (configuration-wise) to prevent this problem from happening?????Is there any way i can combine the two lines? They are simple ADSL connctions with static ip's.
One of our customer just purchased ASR1002 router, they have three internet links from different ISPs and they dont have any remote site, they have three different public IP pool as their respective ISPs. So, is it possible to load balance the internet traffic using all three link on Cisco ASR router ( IOS - Advance Enterprise Services)
I need to configure DSL Load Balancing on Core Cisco Switch 4506-E. I have a Router Cisco 2811 with 2GE Ports and a Firewall Cisco ASA5505. I have 8 Physical DSL Connections with 1Mb each. I need to combine that 8 Mb on Core Switch and allow each end user to access the Internet via the available DSL connection which means that every user has 8 Mb available.
We have an ASA5520 pair that we will be installing to load balance SSLVPN connections. Below is a portion of our configs pertaining to the VPN load-balancing feature (configured on both ASAs):My specific question is related to routing of return traffic to load-balanced VPN sessions. Is there some kind of persistence function that tells the return traffic which ASA to route back to? For instance, if ASA1 has a VPN connection having IP address 10.211.112.1 associated to it, and ASA2 has a VPN connection having IP address 10.211.112.100, how does the return traffic for each connection know which ASA to route back to?
Currently we have deployed site to site vpn between 2 asa 5510 model. one is corporate site and one is remote site. now we plan to use radware load balancer in which 2 isp will terminate. now if at a remote site wecreate only 1 ipsec tunnel and mention sigle isp peering. if one isp fails at corporate how remote site will be access by site to site vpn through 2 isp vpn. what thing we need to do over asa as well as load balancer at both end.
We have Cisco CSS 11501 and connected in One-Arm way.Currently there are 4 source sending traffic and 3 server to receive the request. We are using Advance-balancing with Source IP. So the ratio become 2:1:1 or 1:2:1 or 1:1:2.But our target is to do the load balancing in equal ratio.
this router (RV016v3, Firmware: v4.1.1.01-sp (Dec 6 2011 20:03:18)) in regards to it not properly directing UDP packets out of the right WAN, as per the settings stored in Protocol Binding section of [System Management, Multi-WAN].I use the section to direct all traffic from desktop computers (192.168.5.100 ~ 192.168.5.199) through WAN4, and all VoIP related traffic (192.168.5.200 ~ 192.168.5.239) through WAN2(PPPoE).Everything seems to be working well except for some of the UDP traffic from 192.168.5.200 which is seen in the log going out of WAN4 instead of WAN2.I have even created a new entry for [UDP/5060~5060]->192.168.5.200~192.168.5.200(0.0.0.0~255.255.255.255)WAN2, and placed it at the very top of the list.Here are a few lines that I've observed in the log: (Refreshed the registration of two SIP Trunks configured in our PBX)
Feb 23 18:11:47 2012 Connection Accepted UDP 192.168.5.200:5060->126.96.36.199:5060 on eth4 Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->188.8.131.52:5060 on ppp2 Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->184.108.40.206:5060 on eth4 Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->220.127.116.11:5060 on ppp2
There are no static routes configured, so i'm baffled by what could cause some of the UDP packets to go through the wrong WAN.All TCP Traffic from 192.168.5.200 is seen going though WAN2 as it should.
I want to load balance my Internet traffic between two ASR 1001 routers that are connected to our core switches. Both routers are connected to the same ISP (Comcast) going to the same BGP AS on different /30 subnets. Is there a way for me to load balance my Internet traffic using both connections with BGP rather than having one of these connections sitting idle? If not, the only solution I see is to configure my layer 3 devices to split internet traffic between both routers (i.e. default routes with same AD).
We have a network topology like 2821 router with MPLS link and 881 Router with DSL Connection(DMVPN).
MPLS Link runs in BGP DSL Connection runs in EIGRP.
So the existing scenario is like When ever MPLS link goes down Traffic will be moved to DSL connection. and once it come again it will be moved back to DSL using HSRP we are doing this. in this case most of the times my DSL connection will be in standby mode.Now my management decided to use both the links in active state and want to do some load balance between the links for some specific traffic like Internet, WSUS Updates, Antivirus updates need to go through the DSL connection even the MPLS is up and running.
I have a rv042 router with two internet connections. I have setp the WAN1 and WAN2 and set the load balance mode. Surfing on internet is then not a problem and I checked that I was using the two internet connection.However if I try to connect to my corporate (OWA) outlook web access i am looping on the first page where I should provide my credentials.I know that most of the load balancer could be set up with a sticky bit to keep the session on the same WAN connection.