https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800913#M175202 <P>I already upgraded my ASA version to 9.4 and now it working with PBR.</P> <P>But I'm having issues on setting up the sla monitor.</P> <P>&nbsp;</P> <P>Test# sh track</P> <P>Track 1</P> <P>&nbsp; Response Time Reporter 1 reachability</P> <P><STRONG>&nbsp; Reachability is Up</STRONG></P> <P>&nbsp; 276 changes, last change 00:03:02</P> <P>&nbsp; Latest operation return code: OK</P> <P>&nbsp; Latest RTT (millisecs) 1</P> <P>Track 2</P> <P>&nbsp; Response Time Reporter 2 reachability</P> <P><STRONG>&nbsp; Reachability is Down</STRONG></P> <P>&nbsp; 1 change, last change 05:49:34</P> <P>&nbsp; Latest operation return code: Timeout</P> <P>&nbsp;</P> <P>sla monitor 1</P> <P>type echo protocol ipIcmpEcho 122.X.X.X interface outside</P> <P>frequency 10</P> <P>sla monitor schedule 1 life forever start-time now</P> <P>sla monitor 2</P> <P>type echo protocol ipIcmpEcho 121.X.X.X interface outside2</P> <P>frequency 10</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>From FW: ping test on both WAN</P> <P>T# ping 122.X.X.X</P> <P>!!!!!</P> <P>T# ping 121.X.X.X</P> <P>!!!!!</P> <P>all end point was able to ping.</P> <P>&nbsp;</P> <P>thanks</P> Tue, 12 Mar 2019 06:50:41 GMT Lost & Found 2019-03-12T06:50:41Z https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800913#M175202 <P>I already upgraded my ASA version to 9.4 and now it working with PBR.</P> <P>But I'm having issues on setting up the sla monitor.</P> <P>&nbsp;</P> <P>Test# sh track</P> <P>Track 1</P> <P>&nbsp; Response Time Reporter 1 reachability</P> <P><STRONG>&nbsp; Reachability is Up</STRONG></P> <P>&nbsp; 276 changes, last change 00:03:02</P> <P>&nbsp; Latest operation return code: OK</P> <P>&nbsp; Latest RTT (millisecs) 1</P> <P>Track 2</P> <P>&nbsp; Response Time Reporter 2 reachability</P> <P><STRONG>&nbsp; Reachability is Down</STRONG></P> <P>&nbsp; 1 change, last change 05:49:34</P> <P>&nbsp; Latest operation return code: Timeout</P> <P>&nbsp;</P> <P>sla monitor 1</P> <P>type echo protocol ipIcmpEcho 122.X.X.X interface outside</P> <P>frequency 10</P> <P>sla monitor schedule 1 life forever start-time now</P> <P>sla monitor 2</P> <P>type echo protocol ipIcmpEcho 121.X.X.X interface outside2</P> <P>frequency 10</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>From FW: ping test on both WAN</P> <P>T# ping 122.X.X.X</P> <P>!!!!!</P> <P>T# ping 121.X.X.X</P> <P>!!!!!</P> <P>all end point was able to ping.</P> <P>&nbsp;</P> <P>thanks</P> Tue, 12 Mar 2019 06:50:41 GMT https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800913#M175202 Lost & Found 2019-03-12T06:50:41Z https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800914#M175203 <P>I suspect what is happening is the IP SLA is using the default route to ping the IPs and so the traffic is sourced from outside2 but it goes out and comes back in via the outside interface.</P> <P>You can use PBR for traffic generated by the device itself with IOS but it doesn't seem to be supported on the ASA or at least I can't find it.</P> <P>So have you tied your PBR confiiguration to the IP SLA ?</P> <P>If so try adding a host specific route to the ASA for the IP you are pinging on the outside2 interface ie.</P> <P>route (outside2) 121.x.x.x 255.255.255.255 &lt;next hop IP&gt;</P> <P>this should force the ping to go out of the right interface.</P> <P>Unless of course the IPs you are pinging are the actual next hop IPs in which case not sure what is happening.</P> <P>Jon</P> Fri, 06 Nov 2015 16:55:57 GMT https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800914#M175203 Jon Marshall 2015-11-06T16:55:57Z https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800915#M175204 <P>Hi Jon,</P> <P>Thanks. Youre right. Because upon check traffic is routing on 122. &nbsp;Anyway ill the new conf. Ill just give you the update.</P> <P></P> Sat, 07 Nov 2015 12:59:43 GMT https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800915#M175204 Lost & Found 2015-11-07T12:59:43Z https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800916#M175205 <P>Hi Jon,</P> <P>I forgot to edit the post. now It's working.&nbsp;</P> <P>Thank you</P> Fri, 13 Nov 2015 12:42:37 GMT https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800916#M175205 Lost & Found 2015-11-13T12:42:37Z https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800917#M175206 <P>Sorry but can't see photo.</P> <P>Can you post a "sh route" from your ASA ?</P> <P>Jon</P> Fri, 13 Nov 2015 12:42:38 GMT https://community.cisco.com/t5/network-security/pbr-with-tracking-error/m-p/2800917#M175206 Jon Marshall 2015-11-13T12:42:38Z