IP SLA for dual Internet links

gautamzone · ‎12-16-2009

Dear friends,

I have configure ip sla monitor for redundant ISP links on the ASA. The ASA version is 8.2(1).

I configured as per the link

I tested failover and the routing table is properly updated to point to the proper next hop.

However, i am having issues with xlate.

The old xlate entry never times out. Everything seems to work only after i say clear xlate.

I dont know why new xlate is not getting created. So, now failover is working fine only i after i manually issue the command clear xlate.

Is there a way to clear the old translation entries automatically without having to manually clearing them

A snippet of my config is as follows:

nat (inside) 1 0 0

global (outside) 1 interface

global (outside2) 1 interface

sla monitor 1

type echo protocol ipIcmpEcho 212.77.192.59 interface outside

num-packets 3

frequency 10

route outside2 0.0.0.0 0.0.0.0 78.100.48.18 200

sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability

route outside 0.0.0.0 0.0.0.0 10.101.2.254 1 track 1

I am using ASA 5510 with 8.2(1) code.

Thanks a lot

Gautam

andrew.prince · ‎12-17-2009

The default xlate timeout (when the translation slot is closed and the IP returned to the pool) is 3 hours.

You can change this to failover timeout value.

HTH>

gautamzone · ‎12-17-2009

Dear Andrew,

Everything seemed to work fine when i went physically to the site.

I did not have to change the xlate timeout. Probably i should have tested it physically first.

Thanks a lot for the help

Thanks a lot

Gautam