03-20-2010 03:33 AM - edited 03-11-2019 10:24 AM
Hi, my setup is pretty straightforward.
Topology is something like this.
ISP1--->Router---->ASA------>internal N/W.
Now I added one more ISP in the network to have redundancy in case primary goes down.
Cable from ISP2 goes to one of the backup int directly.
In normal scenario ISP1 is primary it works well for me.
If I switch down the primary ISP router, the backup line takes over.
Now the problem arises if primary goes down and router of ISP1 is turned on. This is because I am tracking the interface connecting the ASA and LAN int Router of ISP1. The WAN of the router is down but I am still getting the up reply from this int because this is directly connected.
Route is pointed towards this int of Router.
If I track the WAN int of the router, no route for ISP1 exists on the ASA under the show route command.
Well I wanted to have automatic failover.
Do I need to change some routing stuff on my router or ASA in order for this to work?
Please find attached the config on primary ISP router and ASA.
Eth0/1 from Router is connecting to Eth0/0 of ASA. And Route and track is towards Eth0/1 IP too. I wanted to track Eth0/0 of router in order to have automatic failover.
Reg,
Sushil
03-20-2010 05:40 AM
Hi Sushil,
This link on policy based routing and IP SLA may help.
03-21-2010 10:21 PM
Hi Sean,
As per my attached config, the natting is on ASA for both ISP1 and ISP2. Also there is one Cisco router terminating the ISP1 and then going to ASA.
ISP2 is directly fed into ASA.
Is it possible so that I can track the Public int of Router from ASA not Internal connecting ASA and Router?
Seems PBR and IP SLA is not possible through ASA.
Reg,
Sushil
03-22-2010 02:14 PM
PBR is not available on an ASA but IP SLA is.
This is a configuration example of a backup ISP on an ASA with the use of IP SLA.
HTH
Jasper
03-22-2010 09:25 PM
I set it up like this only.
But automatic failover is not happening.
Attached the sanitized config of ASA and primary ISP.
I have to unplug the primary router cable connecting Router and ASA.
Even if the internet is down, i.e. serial (WAN) of primary ISP, in that case failover is not working.
Because the tracked IP is the connected interface on ASA.
Can someone let me know which IP should be tracked?
Reg,
Sushil
03-23-2010 01:47 AM
You can track the default gateway of your router: 122.160.x1.y. Because this is an IP address at the ISP site, you know that if this address is reachable the connection to your ISP is working.
HTH
Jasper
03-25-2010 04:45 AM
Once I tried this the isp failed over to backup one.
Now it is not allowing to revert back to ISP1.
I tracked it on outside int of primary ISP.
Followed the same procedure;
sla monitor 123
 type echo protocol ipIcmpEcho 122.160.x1.y interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
Let me know, is it possible to get automatic failover or not?
If yes, am I missing something?
Reg,
Sushil
03-25-2010 08:57 AM
I think if you change tracking IP you can get expected result.....
route outside 0.0.0.0 0.0.0.0 122.160.x1.y 1 track 1
With regards
03-26-2010 01:55 AM
Still no luck.
Seems some routing issue.
Any other suggestion?
Reg,
Sushil
03-26-2010 03:26 AM
As far as I can see, the configuration pasted appears to be OK... you can try the following steps
1. Kindly get output for "show sla monitor operational-state" before failover and after failover
2. Kindly get output for show ip route before failover and after failover
3. Try adding route 122.160.x1.y 255.255.255.255 122.140.a1.b1
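
The pieces discussed in this thread, put together as an added example (not part of the original posts and not the attached configs): an IP SLA probe to the ISP-side gateway, a tracked primary default route, a floating backup default route, and the host route from step 3. Assumptions: 122.140.a1.b1 is taken to be the ISP1 router's ASA-facing address, and the interface name `backup` and `<ISP2-gateway>` are placeholders that do not appear in the thread.

```cisco
! Constructed example. Addresses are the thread's sanitized values;
! "backup" and <ISP2-gateway> are placeholders (assumptions).
!
! Probe an address beyond the ISP1 router, so a WAN outage is seen
! even though the router's LAN interface still answers.
sla monitor 123
 type echo protocol ipIcmpEcho 122.160.x1.y interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability
!
! Host route from step 3: it is not tied to track 1, so the probe
! target stays reachable through the primary next hop after the
! tracked default route below has been withdrawn.
route outside 122.160.x1.y 255.255.255.255 122.140.a1.b1
!
! Primary default route, present only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 122.140.a1.b1 1 track 1
!
! Floating backup default route; the higher distance (254) keeps it
! out of the table until the tracked route is removed.
route backup 0.0.0.0 0.0.0.0 <ISP2-gateway> 254
!
! Checks to run before and after a failover test:
!   show sla monitor operational-state
!   show track 1
!   show route
```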