Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2224
Views
0
Helpful
3
Replies

Configuring ISP failover ASA 5505

daniel2907
Level 1
Level 1

‎10-31-2013 05:21 AM - edited ‎03-07-2019 04:21 PM

Hi,

I am trying to configure ISP failover on my ASA, here is the commands I have used so far

ASA(config)# sla monitor 10

ASA(config-sla-monitor)# type echo protocol ipicmpEcho 8.8.8.8 interface outside

ASA(config-sla-monitor)# num-packets 3

ASA(config-sla-monitor)# timeout 1000

ASA(config)# sla monitor scheldule 10 life forever start-time now

ASA(config)# route outside 0.0 87.82.x.x

ASA(config)# route backup 0.0 82.109.x.x

ASA(config)# track 1 rtr 10 reachability

ASA(config)# Nat (inside,outside) source static any any destination static NETWORK_OBJ_172.16.1.0_24 no-proxy-arp route-lookup

ASA(config)# Nat (inside,backup) source static any any destination static NETWORK_OBJ_172.16.1.0_24 no-proxy-arp route-lookup

After inputting these commands I can ping from my laptop to 8.8.8.8 with 100% success rate from both main ISP and backup ISP but cannot access internet, why is this? I am assuming this is NAT related? If so what changes need to be made (static)?

(P.S I am applying these commands in a working enviroment)

Thanks in advance!

Labels:
0 Helpful
3 Replies 3

daniel2907
Level 1
Level 1

‎10-31-2013 05:58 AM

Sorry I meant I can ping from the firewall to 8.8.8.8 from both my main ISP and my backup not from my laptop***

0 Helpful

Karsten Iwen
VIP
VIP

‎10-31-2013 06:08 AM

Two things have to be setup:

1) the backup route should be configured with a higher AD:

ASA(config)# route backup 0 0 82.109.x.x 200

Was the 0.0 a typo? If not the command was not acceppted.

2) your NAT statement is also syntactically incorrect. And you probably need a dynamic NAT to both providers.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

daniel2907
Level 1
Level 1
In response to Karsten Iwen

‎10-31-2013 06:37 AM

Hi Karsten,

1) Sorry I forgot to add that in;

ASA(config)# route outside 82.109.x.x 1

ASA(config)# route backup 82.109.x.x 254

2) It would not suprise me as I am new to programming cisco devices/teaching myself however, it has been running on that NAT statment for a few months now, what error do you see?

I thought as much, I will try and configure a dynamic NAT as I have not done this before and see if that solves the problem. What procedure shall i follow (create network object, create NAT rules etc)?

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card