ASA 5505 with two ISP connections

Unanswered Question
May 5th, 2008

I have an ASA 5505 with two internet connections to two different ISPs, i followed the document "ASA/PIX 7.x: Redundant or Backup ISP Links

Configuration Example

Document ID: 70559" in cisco site and it succeeded to move from the main ISP connection to the Backup ISP due to the failure in the main ISP connection , but the problem is that the firewall doesn't return back to the main ISP connection when it comes up again

anybody can help??

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Mon, 05/05/2008 - 15:38

Could you post the asa config.

Rgds

Jorge

bluisana@blusol... Thu, 02/25/2010 - 16:30

Were you able to make this work?  Is there a way to send notifications when the connection switches to failover or back to the main connection?

Poonguzhali Sankar Thu, 02/25/2010 - 17:04

Yes, when a failover occurs it will log that in the syslogs and you can have these logs sent over as e-mail alerts.

Pls. refer here:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1773126

hostname(config)# logging mail critical

hostname(config)# logging from-address ciscosecurityappliance@example.com

hostname(config)# logging recipient-address admin@example.com

hostname(config)# smtp-server pri-smtp-host sec-smtp-host

I had answered something similar on another thread which you can read here:
https://supportforums.cisco.com/thread/2004158;jsessionid=8637C493FE7EE5B5A436EAEEAABE9C37.node0?tstart=0

CSCtc16148
CSCsk65652

Check them both out. Neither of them is resolved yet.

Symptom:

Route Tracking may fail to fail back to the primary link/route when restored.

Conditions:

SLA monitor must configured along with ip verify reverse path on the tracked interface.

Workaround:

1. Remove ip verify reverse path off of the tracked interface

or

2. add a static route to the SLA target out the primary tracked interface.

Further Problem Description:

N/A


[Wrap text]  [Edit this enclosure]
Release-note: Added 09/23/2009 20:28:24 by kusankar

[Unwrap text]  [Edit this enclosure]
Release-note: Added 09/23/2009 20:28:24 by kusankar

[Uwrap text]  [Edit this enclosure]
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar

sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
Can not view this .log file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=sla-mon-sh-tech&ext=log&type=FILE

sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
Can not view this .log file attachment inline, please click on the following link to view the attachment.
http://

[UnWrap text]  [Edit this enclosure]
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar

[Wrap Text]  [Edit this enclosure]
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusanka


-KS

Actions

Login or Register to take actions

This Discussion

Posted May 5, 2008 at 2:20 AM
Stats:
Replies:3 Overall Rating:
Views:3808 Votes:0
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1
Jouni Forss
8,441
2
Julio Carvajal
6,223
3
Jon Marshall
3,325
4
Marvin Rhoads
2,498
5
Marius Gunnerud
1,695
Rank Username Points
Jon Marshall
125
Andre Neethling
45
Marius Gunnerud
37
Jouni Forss
35
Marvin Rhoads
34