Configuring the load balancing cluster attributes – Cisco ASA 5505 User Manual

Page 1420

Advertising

background image

66-12

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 66 Setting General VPN Parameters

Configuring Load Balancing

hostname(config-load-balancing)# nat 192.168.30.3

hostname(config-load-balancing)#

Configuring the Load Balancing Cluster Attributes

To configure the load-balancing cluster attributes for each device in the cluster, do the following steps:

Step 1

Set up VPN load balancing by entering the vpn load-balancing command in global configuration mode:

hostname(config)# vpn load-balancing

hostname(config-load-balancing)#

This enters vpn-load-balancing configuration mode, in which you can configure the remaining
load-balancing attributes.

Step 2

Configure the IP address of the cluster to which this device belongs. This command specifies the single
IP address that represents the entire virtual cluster. Choose an IP address that is within the public subnet
address range shared by all the ASAs in the virtual cluster.

hostname(config-load-balancing)# cluster ip address ip_address

hostname(config-load-balancing)#

For example, to set the cluster IP address to 192.168.10.10, enter the following command:

hostname(config-load-balancing)# cluster ip address 192.168.10.10

hostname(config-load-balancing)#

Step 3

Configure the cluster port.This command specifies the UDP port for the virtual cluster in which this
device is participating. The default value is 9023. If another application is using this port, enter the UDP
destination port number that you want to use for load balancing.

hostname(config-load-balancing)# cluster port port_number

hostname(config-load-balancing)#

For example, to set the cluster port to 4444, enter the following command:

hostname(config-load-balancing)# cluster port 4444

hostname(config-load-balancing)#

Step 4

(Optional) Enable IPsec encryption for the cluster. The default is no encryption. This command enables
or disables IPsec encryption. If you configure this check attribute, you must first specify and verify a
shared secret.The ASAs in the virtual cluster communicate via LAN-to-LAN tunnels using IPsec. To
ensure that all load-balancing information communicated between the devices is encrypted, enable this
attribute.

hostname(config-load-balancing)# cluster encryption

hostname(config-load-balancing)#

Advertising

This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands

Popular manuals