I have configured then tested a ASA 5505 with Base License and ver 8.4(2) in Lab environment, and all seems works well.
So in the Lab when I stop the communication with the tracked object 220.127.116.11, the SLA Monitor configured in the ASA changes from the primary link connected to the ISP1 to the secondary link ISP2. Finally when I re-start the communication with the tracked object the active ISP is changed again on ISP1.
After the Lab I goes live with the same configuration the same Base license, but with different IOS 8.4(4), I got a different behavior. I can not reach the interface 18.104.22.168/30 but I can reach 22.214.171.124, so I connect on the serial link using OOB modem. I check the routing table, and I see that the default route about ISP1 is not present in the table even if it is in the config, there is a default route on the table but about the ISP2.
It seems that the sla monitor has changed the on the ISP2 even if the tracked object 126.96.36.199 is reachable, infact if I add again the default route about ISP1 then I can ping the 188.8.131.52...
Why the SLA Monitor works in this way?
Follow the Asa 5055 config:
ASA Version 8.4(2)
switchport access vlan 100
switchport access vlan 2
<--- More --->
switchport access vlan 110
no ip address
ip address 192.168.100.6 255.255.255.192
<--- More --->
ip address 184.108.40.206 255.255.255.252
no forward interface Vlan100
ip address 10.10.10.10 255.255.255.224
ftp mode passive
dns server-group DefaultDNS
object-group network NETWORK_OBJ_172.20.0.0_22
network-object 172.20.0.0 255.255.252.0
access-list outside_1_cryptomap extended permit ip 192.168.100.0 255.255.252.0 172.20.0.0 255.255.252.0
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :