Solved: Re: 2 ISPs redundancy problem

leoandino · ‎11-29-2017

Hi.

I have an ASA 5508-x connected to two ISPs. I made the relevant configurations of the static route with superior metric of SLA monitor, Track ID and the IP tracking address 8.8.8.8.

When I did the backup tests of ISPs, they worked fine by disconnecting the network cable from the ASA to the primary ISP router. But in the primary ISP, when simulating a fiber optic interruption, the ISP backup does not work. The ASA is not able to detect that the primary ISP internet is failing.

I assume because while the ASA does not detect that the interface directly connected to the primary ISP router is down, it will not remove its static route from the route table.

Is there any way to do it? What am I setting wrong?

Thank you.

SOLVED:

Solved.
Both links are enabled on its interface by DHCP. Once the ip address was added manually, the problem was solved. :)
Thank you !!!

leoandino · ‎12-07-2017

Solved.
Both links are enabled on its interface by DHCP. Once the ip address was added manually, the problem was solved. :)
Thank you !!!

View solution in original post

Flavio Miranda · ‎11-29-2017

Hi @leoandino

How did you configured the sla monitor on ASA. It should validate by using icmp and if interface is down, means ping will fail, this should work.

Can you share the config?

-If I helped you somehow, please, rate it as useful.-

leoandino · ‎11-29-2017

Hi.

Thank you for request.

sla monitor 1

type echo protocol ipIcmpEcho 8.8.8.8 interface outside_GTD

num-packets 3

frequency 10

sla monitor schedule 1 life forever start-time now

!

track 1 rtr 1 reachability

route outside_GTD 0.0.0.0 0.0.0.0 190.34.x.x 1 track 1

route Outside_Entel 0.0.0.0 0.0.0.0 192.168.100.1 2

Flavio Miranda · ‎11-29-2017

Looks fine and as expected reachability should be the trigger and not interface status.

I recommend you to run "debug sla monitor trace " "debug sla monitor error " and repeat the test.

-If I helped you somehow, please, rate it as useful.-

leoandino · ‎11-29-2017

Hi..

How can I filter that debug in the handle? When you enable the logging monitor debuggin it is impossible to visualize.

Flavio Miranda · ‎11-29-2017

Does not filter. Send it to a txt file. As much information is better.

-If I helped you somehow, please, rate it as useful.-

leoandino · ‎11-29-2017

Hello,

Attached TXT file.

Flavio Miranda · ‎11-29-2017

Unfortunately have no SLA log on the file.

Logs should look like:

IP SLA Monitor(123) Scheduler: Starting an operation
IP SLA Monitor(123) echo operation: Sending an echo operation
IP SLA Monitor(123) echo operation: RTT=0 OK
IP SLA Monitor(123) echo operation: RTT=0 OK
IP SLA Monitor(123) echo operation: RTT=1 OK
IP SLA Monitor(123) Scheduler: Updating result

-If I helped you somehow, please, rate it as useful.-

leoandino · ‎11-29-2017

hi,

unfortunately I have no experience in ASA to capture the debug. Apply the mentioned commands, but I do not know why it is not displayed. :(

Flavio Miranda · ‎11-29-2017

Looks like the logging console is set to 7 on your firewall.

Try "no logging console" command and then run the debug again.

Then try logging debug-trace

-If I helped you somehow, please, rate it as useful.-

leoandino · ‎12-07-2017

Solved.
Both links are enabled on its interface by DHCP. Once the ip address was added manually, the problem was solved. :)
Thank you !!!

2 ISPs redundancy problem (SOLVED)