ASA and Load sharing using 2 ISPs

  • ASA and Load sharing using 2 ISPs

    Guys, need some help and here is the context:

    I have a Site-to-Site VPN set up.

    In one site I am terminating my internet connection at the ASA via ISP1.

    Now all of this will change. I am deploying a second WAN link via ISP2. Because I have some interesting private traffic coming from my internal server X, I need to send this traffic via ISP1 and the rest of the private traffic coming from my other servers Y, Z via ISP2. Because ASA does NOT support PBR (policy based routing), my solution is to deploy a router in front of the ASA where I will terminate the 2 WAN connections. I am using ASA to NAT all my private traffic and the Router to apply PBR.

    Here is my issue:

    Ignoring most of the configurations this is the relevant part.

    I am using a private subnet between ASA and Router because I do not have any other public IP other than the 2 subnets provided by the ISPs and being used in the Router WAN interfaces.

    ASA config:
    ---------------------- mostly omitted -------------------
    int G0/0
    nameif outside
    ip add
    --------- (truncated ----------------------

    #route outside 0 0

    Router config:
    --------------------- mostly omitted -------------------
    interface F0/0
    ip add
    ip policy route-map ISP in
    -------------------- (truncated ------------------------

    Question 1:
    The private subnet between ASA and Router cannot be leaked out into the Internet. How do I avoid this?

    Question 2:
    Is there any other completely different approach to still have load sharing with PBR?

    I have been thinking of using the router to translate the private subnet via a static NAT... but then I should have a public IP to translate it into. But how? Both my WAN interfaces have been used with the ISP subnets.
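
One way to handle Question 1 on the router, as an added example that is not taken from the thread or its attachments: PAT the transit subnet to whichever WAN interface address a packet leaves through, so no extra public IP is needed, and add an outbound ACL as a backstop. All addresses, the WAN interface names and every name other than the `ISP` route-map are constructed, and it assumes the ASA presents server X with a source address different from the one used for Y and Z, since otherwise the router cannot tell them apart.

```cisco
! Added example. All addresses and WAN interface names are constructed.
! Assumed: transit 192.168.254.0/29 (router .1, ASA outside .2); the ASA
! presents server X as 192.168.254.3 and Y/Z as its outside address .2.
interface FastEthernet0/0
 description Transit link to ASA outside
 ip address 192.168.254.1 255.255.255.248
 ip nat inside
 ip policy route-map ISP
interface FastEthernet0/1
 description WAN to ISP1
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 ip access-group NO-TRANSIT-OUT out
interface FastEthernet1/0
 description WAN to ISP2
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group NO-TRANSIT-OUT out
!
ip access-list extended FROM-SERVER-X
 permit ip host 192.168.254.3 any
ip access-list extended FROM-TRANSIT
 permit ip 192.168.254.0 0.0.0.7 any
! Output ACLs are evaluated after NAT, so this only hits untranslated packets
ip access-list extended NO-TRANSIT-OUT
 deny ip 192.168.254.0 0.0.0.7 any log
 permit ip any any
!
! PBR: server X leaves via ISP1; everything else follows the default via ISP2
route-map ISP permit 10
 match ip address FROM-SERVER-X
 set ip next-hop 198.51.100.1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! One PAT rule per WAN: translate to the address of whichever interface
! the packet is actually leaving through
route-map NAT-ISP1 permit 10
 match ip address FROM-TRANSIT
 match interface FastEthernet0/1
route-map NAT-ISP2 permit 10
 match ip address FROM-TRANSIT
 match interface FastEthernet1/0
ip nat inside source route-map NAT-ISP1 interface FastEthernet0/1 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet1/0 overload
```

Hits logged by `NO-TRANSIT-OUT` mean a flow escaped translation, which makes the deny counter worth checking after any NAT or route-map change.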



  • #2
    Re: ASA and Load sharing using 2 ISPs

    Thought your post would be an interesting GNS3 lab. Hopefully the design I came up with is close to what you are referring to.

    See attached EDGE and ASA configurations. I have included the GNS3 screenshot/PNG for reference.