Configuring load balancing – Cisco ASA 5505 User Manual

66-11

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 66 Setting General VPN Parameters

Configuring Load Balancing

Configuring Load Balancing

To use load balancing, configure the following elements for each device that participates in the cluster:

•

Public and private interfaces

•

VPN load-balancing cluster attributes

Note

All participants in the cluster must have an identical cluster configuration, except for the device priority
within the cluster.

Note

The Local CA feature is not supported if you use Active/Active stateful failover or VPN load-balancing.
The Local CA cannot be subordinate to another CA; it can act only as the Root CA.

Configuring the Public and Private Interfaces for Load Balancing

To configure the public (outside) and private (inside) interfaces for the load-balancing cluster devices,
do the following steps:

Step 1

Configure the public interface on the ASA by entering the interface command with the lbpublic
keyword in vpn-load-balancing configuration mode. This command specifies the name or IP address of
the public interface for load balancing for this device:

hostname(config)# vpn load-balancing

hostname(config-load-balancing)# interface lbpublic outside

hostname(config-load-balancing)#

Step 2

Configure the private interface on the ASA by entering the interface command with the lbprivate
keyword in vpn-load-balancing configuration mode. This command specifies the name or IP address of
the private interface for load balancing for this device:

hostname(config-load-balancing)# interface lbprivate inside

hostname(config-load-balancing)#

Step 3

Set the priority to assign to this device within the cluster. The range is from 1 to 10. The priority indicates
the likelihood of this device becoming the virtual cluster master, either at startup or when an existing
master fails. The higher you set the priority (for example, 10), the more likely it is that this device
becomes the virtual cluster master.

hostname(config-load-balancing)# priority number

hostname(config-load-balancing)#

For example, to assign this device a priority of 6 within the cluster, enter the following command:

hostname(config-load-balancing)# priority 6

hostname(config-load-balancing)#

Step 4

If you want to apply network address translation for this device, enter the nat command with the NAT
assigned address for the device:

hostname(config-load-balancing)# nat ip_address

hostname(config-load-balancing)#

For example, to assign this device a NAT address of 192.168.30.3, enter the following command: