Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
822
Views
0
Helpful
2
Replies

ASA 5505 with Backup ISP

tlitterio2
Level 1
Level 1

‎05-09-2012 08:14 AM - edited ‎03-11-2019 04:04 PM

I am working with a client that currently has an ASA 5505 with two ISPs for failover using a tracked interface.  I would like to configure logging so that the ASA will email us when the Primary ISP goes down and fails over to the backup.  Here is what I have so far...

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

switchport access vlan 12

!

interface Ethernet0/2

speed 100

duplex full

!

interface Ethernet0/3

switchport access vlan 22

speed 100

duplex full

!

interface Ethernet0/4

switchport access vlan 22

!

interface Ethernet0/5

switchport access vlan 22

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.0.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 50.76.252.33 255.255.255.248

!

interface Vlan12

nameif backup

security-level 0

ip address 168.93.174.130 255.255.255.248

!

interface Vlan22

nameif Phones

security-level 100

ip address 192.168.3.1 255.255.255.0

!

logging enable

logging buffered warnings

logging asdm warnings

logging from-address SBP-ASA@sp.local

logging recipient-address tony@litterio.com level errors

route outside 0.0.0.0 0.0.0.0 DG-Commcast 128 track 1

route backup 0.0.0.0 0.0.0.0 DG-FirstCom 255

sla monitor 123

type echo protocol ipIcmpEcho 73.120.130.1 interface outside

frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability

Let me know if you need any more info from the config; it's quite long and not sure what all is needed...

The primary interface is Outside and the backup is obviously Backup

Thanks!

Tony

Labels:
0 Helpful
2 Replies 2

mvsheik123
Level 7
Level 7

‎05-09-2012 12:57 PM

Hi Tony,

As long as the event covered under 'errors' list - inaddition to the above config, you need to add..

loging mail errors

smtp-server

Check the below link for more information on ASA message logging..

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

hth

MS

0 Helpful

tlitterio2
Level 1
Level 1
In response to mvsheik123

‎05-11-2012 12:11 PM

Ah, thanks! 

I am trying to trck down the Syslog messages that are generated when that backup line is triggered and the primary switches back.  I set the ASDM to debug and recorded a bunch of captures but all I can find that resembles anything about a switch over is 1 - 622001 error about adding the tracked route...  Do you have any idea what other syslog errors would be generated?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card