Solved: 2 ISPs redundancy problem (SOLVED)

blin · ‎05-02-2018

I configure ASA 5510 for Redundant ISP links as screenshot shown (Outside is primary and 4G-LTE is backup).

However, when the Outside is down, the backup 4G-LTE doesn't work and on one can access the Internet. How can I troubleshoot it?

Florin Barhala · ‎05-07-2018

I think you can do it very easily:
- configure SSH access on the 4G/LTE IP ; after the failover you can ping/ssh to that IP from outside
- 4G gives you somekind of NAT and you cannot connect inbound I would just rely on the tracking events for each static route. It should tell you the moment track number is down, then up and so on.

View solution in original post

Florin Barhala · ‎05-20-2018

ssh outside public_IP_from_where_you_ssh 255.255.255.255

View solution in original post

Florin Barhala · ‎05-03-2018

Hello,

"when the Outside is down" - what do you mean by this? Is this happening when ISP has issues, you disconnect cable or you admin shutdown the interface?

I noticed you have a tracking object configured; can you share the output of it when interface is up and then down?
Last but not least if you simply disconnect cable from outside "manually" does 4G LTE work for you?

blin · ‎05-03-2018

Outside is primary connection using Comcast. When the Comcast is down, no one can't access the internet. I configured it remotely and haven't got a chance to test it.

Florin Barhala · ‎05-04-2018

If tracking does work as expected then your are left with two things:
- 4G LTE connection has some issues of its own
- the NAT or routing config for this 4G connection is wrong or incomplete.

Before anything I would manually disconnect Comcast and test LTE. If this is not possible you can also play with PBR by adding both routes with same AD to ASA routing table then sending all traffic through COMCAST (with PBR) and finally picking one server/host and PBR it through 4G/LTE connection.

blin · ‎05-06-2018

After I re-check the configuration, I find the 4G-LTE default gateway and ASA port #2 IP are incorrectly. Reversing them seems to fix the problem. Now I can tracert google.com from ASA using source of 4G-LTE. The details can be found this post: Cisco ASA redundancy ISP links don't work

The client wants to know it takes how long to switch from Comcast to 4G-LTE in a case Comcast is down. Since I am remote, I called Comcast technical support to restart the Comcast. The Comcast comes back in 4 or 5 minutes. My remote session to office server doesn't work until the Comcast is up. How can I check log to see if 4G-LTE is up running when the Comcast is down. Remember I am not in client site. I do everything remotely.

@Florin Barhala wrote:
If tracking does work as expected then your are left with two things:
- 4G LTE connection has some issues of its own
- the NAT or routing config for this 4G connection is wrong or incomplete.

Before anything I would manually disconnect Comcast and test LTE. If this is not possible you can also play with PBR by adding both routes with same AD to ASA routing table then sending all traffic through COMCAST (with PBR) and finally picking one server/host and PBR it through 4G/LTE connection.

Florin Barhala · ‎05-07-2018

I think you can do it very easily:
- configure SSH access on the 4G/LTE IP ; after the failover you can ping/ssh to that IP from outside
- 4G gives you somekind of NAT and you cannot connect inbound I would just rely on the tracking events for each static route. It should tell you the moment track number is down, then up and so on.

blin · ‎05-19-2018

Thank you for the tip. Hw can I configure ssh to test from outside? Can you post the commands?

Florin Barhala · ‎05-20-2018

ssh outside public_IP_from_where_you_ssh 255.255.255.255

blin · ‎05-20-2018

Thank you.