Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA 5510 Failover with IP SLA monitor

Can I run Cisco ASA failover with dual ISP run active/standby configuration and SLA monitor to monitor the primary ISP gateway and failover to the secondary gateway but not failover to the failover firewall unless an actual event occurred that required a ASA failover?

Thanks,

Juan

1 ACCEPTED SOLUTION

Accepted Solutions

Cisco ASA 5510 Failover with IP SLA monitor

Hello Juan,

Correct if the outside interface its up and running but the target does not respond SLA will happen, but failover will not.

Now if the outside interface goes down Failover will happen and SLA will too because we are going to stop receiving ICMP replies from the target, and of course SLA monitoring will start working and the other interface will become available and will start sending ICMP requests to the target.

Please rate helpful posts.

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
3 REPLIES

Re: Cisco ASA 5510 Failover with IP SLA monitor

Hello Juan,

As I can see it, when SLA monitoring starts working it will expect to receive ICMP replies from the target IP, now as soon as it stops receiving replies from that host, it will switch to the other interface, now this will only happen if the interface went down or if the line between the ASA and the Modem went down, so failover is going to happen, unless you configure no monitor-interface outside and then no monitor-interface backup.

Hope this helps,

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Cisco ASA 5510 Failover with IP SLA monitor

Hi Julio,

thanks for the reply so if the outside interface is up and but the IP I monitor just happens to be down then the SLA monitor will route to the next gateway on the other interface but no actual ASA failover has occurred since the interfaces are still up in this scenario and it will just be an SLA event.

In your example the actual outside interface went down so a real ASA failover will occur to the standby firewall and traffic will resume on the standby. How does this affect the SLA monitor? I’m assuming the SLA monitor traffic does not get replicated to the ASA during the stateful replication process so the process will just start fresh on the standby ASA and respond based on its findings.

Thanks,

Juan

Cisco ASA 5510 Failover with IP SLA monitor

Hello Juan,

Correct if the outside interface its up and running but the target does not respond SLA will happen, but failover will not.

Now if the outside interface goes down Failover will happen and SLA will too because we are going to stop receiving ICMP replies from the target, and of course SLA monitoring will start working and the other interface will become available and will start sending ICMP requests to the target.

Please rate helpful posts.

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
2645
Views
5
Helpful
3
Replies