cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2130
Views
5
Helpful
7
Replies

ASA 5510 DUAL ISP PROBLEM

trustcisco
Level 1
Level 1

Hello,

I have configured dual ISP on my ASA Firewall for redundancy. Everything is working fine. When my first link becomes unavailable the asa switches to the backup link, but when my primary link is online again the asa never switches to my primary link.

What do i have to do so that my asa switches back to my primary link when it becomes active again ?

Thanks.

7 Replies 7

trustcisco
Level 1
Level 1

I have noticed that although my primary link is up for an unknown reason my asa switches to my backup link.

Has anybody faced such a problem ?

Thanks.

riccardo-patti
Level 1
Level 1

Hi,

Can you post the config?

route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 track 1
route  backup 0.0.0.0 0.0.0.0 2.2.2.2 254

sla monitor 123
type echo  protocol ipIcmpEcho isp_dns_ip interface outside
num-packets 3
frequency  120

sla monitor schedule 123 life forever start-time now
track  1 rtr 123 reachability

I have changed the target ping ip address to an ip address of a router  which is very close to my firewall.Till now everything is working fine.

CSCtc16148
CSCsk65652

Check them both out. Neither of them is resolved yet.

Symptom:

Route Tracking may fail to fail back to the primary link/route when restored.

Conditions:

SLA monitor must configured along with ip verify reverse path on the tracked interface.

Workaround:

1. Remove ip verify reverse path off of the tracked interface

or

2. add a static route to the SLA target out the primary tracked interface.

Further Problem Description:

N/A

-KS

It seems that i have the same problem that you describe.

I switch succesfuly to the backup link but when the primary links in online again ASA never switches back to the primary link.

I will remove ip verify reverse-path and see what happens....

The no ip verify reverse-path on my tracked interface did the trick. Everything is working perfectly now.

Thanks for you help.

Glad to hear. Thanks for rating.

-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: