ASA Static Route Tracking question

Unanswered Question
Jul 22nd, 2009

I'm about to implement static-route tracking with the below setup:

interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address


interface Vlan3

nameif backup

security-level 0

ip address

route outside 1

Before I implement, I'd like to test to make sure Vlan3 has connectivity.

I try and do "ping" and enter "backup" as interface and I'm able to ping the "backup" gateway.

Then I try and ping "" with same method and get no replies.

I then do "ping" and get responses.

I assume this is because right now the ASA is going to push all traffic, regardless of source, through the "route 0..."

So my question is:

Is there any way to send/receive packets through the "backup" interface before implementing SRT (static-route-tracking)?

I just want to make sure the backup line is up and running, and I'm not currently in the office.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertson.michael Thu, 07/23/2009 - 07:47

Hi Scott,

You could add a static route that is more specific than your active route 0 default route. I would try something like this:

route backup

With this route, your ping to should use the backup gateway connected to the backup interface.

Keep in mind you'll probably also need a valid translation for this interface as well. You may already have this but the config examples you posted didn't include it.

Hope that helps.



This Discussion