Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

dual isp with asa and dynamic ip's on the outside

I have a site with an ASA5505 and 2 isp connections but the catch is the 2 isp's are giving me a dynamic IP so I am unable to use this

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Any idea?

how do my routes differ? etc.?

Everyone's tags (7)
3 REPLIES

dual isp with asa and dynamic ip's on the outside

Hello Ronni,

Why is this not going to work?

As soon as you always have the interface up and working it should succed on the monitoring process.

You will have 2 ISP default gateways Ip addresses right?

So that is all you need, then select a target to monitor the SLA process.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

dual isp with asa and dynamic ip's on the outside

I can't see how this will work because with the dynamic ip from the isp I don't have a default gateway defined but rather I have ''ip address dhcp setroute' on the outside vlan and that is taking care of my default gateway.  Also if I have no default gateway defined how do I apply ipsla and tracking, on which route?

can you please post a sample config if you don't mind

Re: dual isp with asa and dynamic ip's on the outside

Hello Ronni,

so its DHCP for the ISP not for your interface.

That is different, I think you will need to have unless one destination ip address for the default gateway so you can use it to track it as there is no metric option on the following command:

interface gigabitEthernet 0/0

  ip address dhcp setroute

Rigth now I think that is the only option you have to make SLA work.

Here are the requirements for SLA on an ASA

Requirements

Choose a monitoring target that can respond to ICMP echo requests. The target can be any network object that you choose, but a target that is closely tied to your ISP connection is recommended. Some possible monitoring targets include:

  • The ISP gateway address (You do not have it)
  • Another ISP-managed address
  • A server on another network, such as a AAA server, with which the security appliance needs to communicate
  • A persistent network object on another network (a desktop or notebook computer that you can shut down at night is not a good choice)

This document assumes that the security appliance is fully operational and configured to allow the Cisco ASDM to make configuration changes.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
1128
Views
0
Helpful
3
Replies
CreatePlease to create content