Re: Cisco ASA IP SLA

abhayjoshi07 · ‎07-17-2018

For Site A I have configured IP SLA on ASA with primary default route pointing to internet circuit (on outside interface). When this circuit goes down the IP SLA kicks in and the default route points to the MPLS router (on the inside interface) where we have a gre tunnel to another site (site B) from where we access the internet. Although the IP SLA works and auto points the route to the MPLS router but the packet drops after MPLS router on the remote site (site B) and the internet is not accessible. But when i directly point the default route on the cisco stack (Site A) internet is accessible. NAT and route are in place and there is no access list that blocks the traffic

Diagram of the site is attached for reference.

Any suggestions here ?

Bogdan Nita · ‎07-17-2018

Please share ASA sanitized config and commands used to manually redirect traffic to the backup internet connection.

abhayjoshi07 · ‎07-17-2018

sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability

route outside 0.0.0.0 0.0.0.0 <isp next hop> 1 track 1 ---primary

route inside 0.0.0.0 0.0.0.0 <mpls router ip> 254 ---secondary

There is a static default route configured on the cisco stack pointing to firewall inside ip address