Cisco Support Community
New Member

ASA, tracking, failover

Hello,

I'm having a problem when I put in the tracking option on my default route, I lose connection altogether.

I have a T1 (outside) used as primary connection, and a DSL line (backup) plugged in for a failover.

This is an ASA with the Security Plus package, so the failover option should be working.

route outside 0.0.0.0 0.0.0.0 1.2.3.1 1

route backup 0.0.0.0 0.0.0.0 7.8.9.1 254

These are my routes.  When I try to put:

route outside 0.0.0.0 0.0.0.0 1.2.3.1 1 track 1

I completely lose connection.  I've even tried "write mem" and "reload" hoping to bring up the connection.

Here is the config that pertains to the routes:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.2.3.2 255.255.255.248
!
interface Vlan3
 nameif backup
 security-level 0
 ip address 7.8.9.2 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 1.2.3.1 1
route backup 0.0.0.0 0.0.0.0 7.8.9.1 254
!
sla monitor 666
 type echo protocol ipIcmpEcho 1.2.3.4 interface outside
 num-packets 3
 frequency 10
!
track 1 rtr 666 reachability

I haven't put in

sla monitor schedule 666 life forever start-time now

yet because I want to make sure the default route works.  My understanding is that just adding in "track 1" to the end of the route doesn't do anything until I activate the timer with the "sla monitor" line.

Any ideas as to which part of this feature I have wrong?

Accepted Solutions
Cisco Employee

Re: ASA, tracking, failover

I would suggest following http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml#cli

The config will look like

---------------

route outside 0.0.0.0 0.0.0.0 1 track 1
route backup 0.0.0.0 0.0.0.0 254

sla monitor 123
type echo protocol ipIcmpEcho interface outside
num-packets 3
frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability

---------------

I hope it helps.

PK

3 REPLIES

Re: ASA, tracking, failover

Have you verified if the track statement is up with "sh sla monitor operational-state"? Have you configured the global statement for the backup link?

Because if for whatever reason the track fails then the backup should take over as in your case. So verify those two things.

New Member

Re: ASA, tracking, failover

Thanks guys and sorry for the delay.

I didn't know about the show operational state command, which led me to see that the ICMP was timing out.

I then just started from scratch, changed the instance to the example "123" exactly how it was in the post, and changed the test IP to the T1 line's DNS server.

All worked after that point.

Thanks again.  I was thinking I could change the "123", which I probably can, but I'll just keep it at default.
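
An offline consistency check for the pieces the accepted solution lists (tracked route, backup route, sla monitor, schedule, track), as an added example that is not part of the thread or of Cisco's tooling. The function name, the regexes and the sample input (the asker's posted configuration with "track 1" applied) are constructed for illustration.

```python
import re

# Constructed sample: the asker's config with "track 1" applied and no schedule line.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 1.2.3.1 1 track 1
route backup 0.0.0.0 0.0.0.0 7.8.9.1 254
sla monitor 666
 type echo protocol ipIcmpEcho 1.2.3.4 interface outside
 num-packets 3
 frequency 10
track 1 rtr 666 reachability
"""

ROUTE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+) (\d+)(?: track (\d+))?$")
TRACK = re.compile(r"^track (\d+) rtr (\d+) reachability$")
ECHO = re.compile(r"^type echo protocol ipIcmpEcho (\S+) interface (\S+)$")

def check_tracked_default_routes(config):
    """Return findings for tracked default routes in ASA-style config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    routes = [m.groups() for m in map(ROUTE.match, lines) if m]
    tracks = dict(m.groups() for m in map(TRACK.match, lines) if m)
    scheduled = {l.split()[3] for l in lines if l.startswith("sla monitor schedule ")}
    probes, current = {}, None
    for l in lines:
        if re.fullmatch(r"sla monitor \d+", l):
            current = l.split()[2]          # start of an "sla monitor <id>" block
        elif current and (m := ECHO.match(l)):
            probes[current] = m.groups()    # (target address, egress interface)
    findings = []
    for ifname, gw, metric, track in routes:
        if track is None:
            continue
        sla = tracks.get(track)
        if sla is None:
            findings.append(f"route via {gw}: track {track} is not defined")
            continue
        if sla not in probes:
            findings.append(f"track {track}: sla monitor {sla} has no echo probe")
        elif probes[sla][1] != ifname:
            findings.append(f"sla monitor {sla}: probe uses {probes[sla][1]}, route uses {ifname}")
        if sla not in scheduled:
            findings.append(f"sla monitor {sla}: no 'sla monitor schedule' line, probe is not started")
        if not any(r[3] is None and int(r[2]) > int(metric) for r in routes):
            findings.append(f"route via {gw}: no untracked default route with a higher metric")
    return findings

if __name__ == "__main__":
    for finding in check_tracked_default_routes(SAMPLE_CONFIG):
        print(finding)
```

The check only confirms that the configuration is complete; whether the probe target actually answers still has to be read from "show sla monitor operational-state" on the device.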
