Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA5505 Site-to-Site VPN & SLA Monitor

Hello All,

I'm kind of newbie on ASA, so please be patient with me.

I have a couple of ASAs 5505 (HQ & Branch) running version 8.2(4).  They are configured with a Site-to-Site VPN over a single WAN link:

# sh crypto isa sa

   Active SA: 1

    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1   IKE Peer: 192.168.0.6

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

I want to enable sla monitor on one of the devices in order to know the real status of my unique link because the interfaces sometimes don't go down, so I don't have any real statistic of failures. 

I found out several posts with the step-by-step to configure it:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/813-cisco-router-ipsla-basic.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

http://www.cisco.com/en/US/technologies/tk648/tk362/tk920/technologies_white_paper0900aecd8017f8c9_ps6602_Products_White_Paper.html

http://www.networkstraining.com/cisco-asa-5500-dual-isp-connection/

After reading all the articles I have some questions that maybe someone can answer:

    1. All the information is related to dual ISP links failover.  Is there any extra-consideration for my single link scenario?
    2. I already have a static route route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 so I think I have to overwrite it with something like this route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 track 1. Is this correct?
    3. If so, when I overwrite it, will the S2S VPN go down and will it go up automatically?

Thanks to all in advance.

Everyone's tags (6)
1 REPLY
Community Member

ASA5505 Site-to-Site VPN & SLA Monitor

Any idea or suggestion?

1232
Views
0
Helpful
1
Replies
CreatePlease to create content