Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA/PIX IP SLA Tracked Interface Failover Threshold

Hi,

With regards to the following example provided by Cisco I would like to know exactly when the failover would occur. Does the failover kick in when one/two packets are lost or all three? I would hope all three.

If I were to change the number of packets to 100 and lost 50% for example this would show the link to be failing but would the ASA actually failover to the backup DSL?

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

I'd like to implement this setup in a real world scenario but the internet connection can be tempremental at times (yes I have complained to my ISP in Johannesburg but what is acceptable to me is on a different level to them!) so I want to avoid the failover flapping between each internet link.

Tony

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

ASA/PIX IP SLA Tracked Interface Failover Threshold

Hi Tony,

The ASA's SLA tracking configuration is not quite granular enough to do what you're describing. If the ASA receives a reply for any request within the configured timeout, the ASA will consider the primary link up.

In the example you linked to, the ASA will send 3 requests every 10 seconds. If the ASA receives a reply to any of those 3 packets with a response time that is under 5000 milliseconds (the default timeout for SLA monitoring), the primary link will remain up. Unfortunately, the ASA does not allow you to base the up/down decision on the percentage of packets lost.

Hope that helps.

-Mike

2 REPLIES
Gold

ASA/PIX IP SLA Tracked Interface Failover Threshold

Hi Tony,

The ASA's SLA tracking configuration is not quite granular enough to do what you're describing. If the ASA receives a reply for any request within the configured timeout, the ASA will consider the primary link up.

In the example you linked to, the ASA will send 3 requests every 10 seconds. If the ASA receives a reply to any of those 3 packets with a response time that is under 5000 milliseconds (the default timeout for SLA monitoring), the primary link will remain up. Unfortunately, the ASA does not allow you to base the up/down decision on the percentage of packets lost.

Hope that helps.

-Mike

New Member

ASA/PIX IP SLA Tracked Interface Failover Threshold

Thanks Mike, that asnwers my question.

Regards,

Tony

1427
Views
0
Helpful
2
Replies