Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA Static Route Tracking question

I'm about to implement static-route tracking with the below setup:

interface Vlan1

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 6.2.8.138 255.255.255.248

!

interface Vlan3

nameif backup

security-level 0

ip address 4.3.8.158 255.255.255.252

route outside 0.0.0.0 0.0.0.0 6.2.8.137 1

Before I implement, I'd like to test to make sure Vlan3 has connectivity.

I try and do "ping" and enter "backup" as interface and I'm able to ping the "backup" gateway.

Then I try and ping "4.2.2.6" with same method and get no replies.

I then do "ping 4.2.2.6" and get responses.

I assume this is because right now the ASA is going to push all traffic, regardless of source, through the "route 0..."

So my question is:

Is there any way to send/receive packets through the "backup" interface before implementing SRT (static-route-tracking)?

I just want to make sure the backup line is up and running, and I'm not currently in the office.

Thanks!

1 REPLY

Re: ASA Static Route Tracking question

Hi Scott,

You could add a static route that is more specific than your active route 0 default route. I would try something like this:

route backup 4.2.2.6 255.255.255.255

With this route, your ping to 4.2.2.6 should use the backup gateway connected to the backup interface.

Keep in mind you'll probably also need a valid translation for this interface as well. You may already have this but the config examples you posted didn't include it.

Hope that helps.

-Mike

142
Views
0
Helpful
1
Replies
CreatePlease to create content