05-26-2010 10:26 AM - edited 03-06-2019 11:16 AM
Building A
ASA Outside interface 207.158.106.2 à ISP router Ethernet0
Inside interface 10.20.30.1 à 6509
Building B,
ASA Outside interface 63.48.50.2 à to ISP router Ethernet0
Inside interface 10.20.40.1 à 6509
Building A & B, Ethernet connection from 6509 -àASA à ISP router has no
Dynamic routing.
From 6509 in Bldg A & B. I added statement below to direct Internet traffic to both ASA
(load balancing)
ip route 0.0.0.0 0.0.0.0 10.20.30.1
ip route 0.0.0.0 0.0.0.0 10.20.40.1
In theory, this should work.
The goal is to have a design that does load-balancing and fail-over for the Internet traffic.
The question I have is, how I make this set up for fail over without spending lots of $$$.
Thanks,
Solved! Go to Solution.
05-27-2010 09:32 AM
If you want to have more control over it, you can use the static route tied to an sla tracker. Here's a quick example:
ip sla 1
icmp-echo x.x.x.x
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now
track 1 rtr 1
delay down 10 up 20
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2.210 track 1
This will insert the route only when the ip address is reachable with a ping, and you can adjust the delay down and up timers.
Hope this helps
Rick
05-26-2010 11:15 AM
Your 6509 should remove the static route from the table if the next hop becomes unreachable. The other option you have is using ip sla to track the reachability of each asa and then tie the static route into the sla monitor.
Here's a pretty good article on the subject:
http://www.ciscoblog.com/archives/2008/08/dynamic_failove.html
Hope this helps!
Rick
05-26-2010 02:22 PM
Hi Rick,
Thanks for the answer. If one of the static route gets removed from the 6509's routing table once the next hop is not reachable then that would be my prefered design. I have been wondering about it, I didn't think the static route will get removed when the next hop is unreacheable because it's static, I guess the 6509 is smart enough to do it even the static was hard coded.
Vinnie,
05-26-2010 10:50 PM
Hi Rick,
Thanks for the answer. If one of the static route gets removed from the 6509's routing table once the next hop is not reachable then that would be my prefered design. I have been wondering about it, I didn't think the static route will get removed when the next hop is unreacheable because it's static, I guess the 6509 is smart enough to do it even the static was hard coded.
Vinnie,
Hi Vinnie,
Check out the below link for active/passive configuration related to your secnarios in ASA
Hope to help !!
Ganesh.H
Remember to rate the helpful post
05-27-2010 08:15 AM
Ganesh,
It's 30 miles between building A & B . Also building A has already have a pair of ASA's that are configured for fail over.
Thanks for the link.
05-27-2010 11:05 AM
Thanks,
05-27-2010 09:32 AM
If you want to have more control over it, you can use the static route tied to an sla tracker. Here's a quick example:
ip sla 1
icmp-echo x.x.x.x
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now
track 1 rtr 1
delay down 10 up 20
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2.210 track 1
This will insert the route only when the ip address is reachable with a ping, and you can adjust the delay down and up timers.
Hope this helps
Rick
05-27-2010 11:13 AM
Thanks Rick, I'll give it a shot
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide