ASA 5505 with two ISP connections

Unanswered Question
May 5th, 2008

I have an ASA 5505 with two internet connections to two different ISPs. I followed the document "ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example, Document ID: 70559" on the Cisco site, and it succeeded in moving from the main ISP connection to the backup ISP when the main ISP connection failed, but the problem is that the firewall doesn't return to the main ISP connection when it comes up again.

Can anybody help?

bluisana@blusol... Thu, 02/25/2010 - 16:30

Were you able to make this work?  Is there a way to send notifications when the connection switches to failover or back to the main connection?

Poonguzhali Sankar Thu, 02/25/2010 - 17:04

Yes, when a failover occurs it will log that in the syslogs and you can have these logs sent over as e-mail alerts.

Please refer here:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1773126

hostname(config)# logging mail critical

hostname(config)# logging from-address ciscosecurityappliance@example.com

hostname(config)# logging recipient-address admin@example.com

hostname(config)# smtp-server pri-smtp-host sec-smtp-host

I had answered something similar on another thread which you can read here:
https://supportforums.cisco.com/thread/2004158;jsessionid=8637C493FE7EE5B5A436EAEEAABE9C37.node0?tstart=0

CSCtc16148
CSCsk65652

Check them both out. Neither of them is resolved yet.

Symptom:

Route Tracking may fail to fail back to the primary link/route when restored.

Conditions:

SLA monitor must be configured along with ip verify reverse path on the tracked interface.

Workaround:

1. Remove ip verify reverse path off of the tracked interface

or

2. Add a static route to the SLA target out the primary tracked interface.

Further Problem Description:

N/A


Release-note: Added 09/23/2009 20:28:24 by kusankar

sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar



-KS
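The two workarounds from the bug note above, laid out against a tracked-route configuration of the kind the thread describes. This is an added example, not part of the original thread or of Cisco's document; the interface names (outside, backup), the SLA and track IDs, and all addresses are constructed placeholders.

```cisco
! Constructed values (RFC 5737 documentation ranges), not from the thread:
!   primary ISP gateway 192.0.2.1    on interface "outside"
!   backup  ISP gateway 198.51.100.1 on interface "backup"
!   SLA echo target     203.0.113.10
!
! Tracked primary default route with a floating backup default route
sla monitor 123
 type echo protocol ipIcmpEcho 203.0.113.10 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! Condition named in the bug note: reverse-path check on the tracked interface
ip verify reverse-path interface outside
!
! Workaround 2: host route to the SLA target out the primary tracked
! interface, so a route to the target via "outside" still exists after the
! tracked default route has been removed
route outside 203.0.113.10 255.255.255.255 192.0.2.1 1
!
! Workaround 1 (alternative): remove the reverse-path check from the
! tracked interface
! no ip verify reverse-path interface outside
```

Workaround 1 removes the anti-spoofing check from the Internet-facing interface, while workaround 2 keeps it in place. After restoring the primary link, `show track` and `show route` show whether the tracked default route has been reinstalled.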

Posted May 5, 2008 at 2:20 AM