Dual ISP setup

Unanswered Question

Hi my setup is pretty striaght forward.

Topology is something like this.

ISP1--->Router---->ASA------>internal N/W.

Now I added one more ISP in the network to have redundancy in case primary goes down.

Cable from ISP2 goes to one of the backup int directly.

In normal scenario ISP1 is primary it works well for me.

If I switch down the primary isp router backup line take it over.

Now the problem arises if primary goes down and router of isp1 is turned on.This is because I am tracking the interface connecting the ASA and Lan int

Router of ISP1.The Wan of router is down but still getting the up reply from this int because this is directly connected.

Route is pointed towards this int of Router.

If I tracking the WAN int of router no route for ISP1 exists on ASA under show route command.

Well I wanted to have automatic failover.

Do i need change some routing stuff on my router or ASA in order this to work.

Please find attached the config on primary ISP router and ASA.

Eth0/1 from Router is connecting to Eth0/0 of ASA.And Route and track is towards Eth0/1 IP too.I wanted  to track Eth0/0 of router in order to have automatic failover.

Reg,

Sushil

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Hi Sean,

As per my attached config, the natting is on ASA for both ISP1 and ISP2.Also there is one cisco router terminating the ISP1 and then going to ASA.

ISP2 is directly fed into ASA.

Is it possible so that I can track the Public int of Router from ASA not Internal connecting ASA and Router?

Seems PBR and IP SLA is not possible through ASA.

Reg,

Sushil

I set it up like this only.

But automatic failover is not happening.

Attached the sanitized config of ASA and primary ISP.

I have to unplug the primary router cable connecting Router and ASA.

Even if the internet is down i.e serial(Wan) of primary isp in that case failover is not working.

Becuase tracked ip is the connected interface on ASA.

Can someone let me know whcih IP should be tracked?

Reg,

Sushil

jgraafmans Tue, 03/23/2010 - 01:47

You can track the default gateway of your router: 122.160.x1.y. Because this is an IP adres at the ISP site, you know that if this adres is reachable the connection to your ISP is working.

HTH

Jasper

Once I tried this the isp failed over to backup one.

Now It is not allwoing to revert back to ISP1.

I tracked it on outside int of primary ISP.

Followed the same procedure;

sla montior 123.

type echo protocol ipIcmpEcho 122.160.x1.y interface outside

num-packets 3

frequency 10

sla monitor schedule 123 life foreever start-time now

track 1 rtr 123 rechability.

Let me know is it possible to get automatic failover or not?

If yes,Am I missing something?

Reg,

Sushil

shailesh.h Thu, 03/25/2010 - 08:57

I think if you change tracking IP you can get expected result.....

route outside 0.0.0.0 0.0.0.0 122.160.x1.y 1 track 1

With regards

shailesh.h Fri, 03/26/2010 - 03:26

As far as configuration pasted appears to be ok... you can try following steps

1. Kindly get output for "show sla monitor operational-state" before failover and after failover
2. Kindly get output for show ip route before failover and after failover
3. Try adding route  122.160.x1.y  255.255.255.255.255 122.140.a1.b1

Actions

This Discussion