cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1214
Views
0
Helpful
10
Replies

2 ISPs redundancy problem (SOLVED)

leoandino
Level 1
Level 1

Hi.

I have an ASA 5508-x connected to two ISPs. I made the relevant configurations of the static route with superior metric of SLA monitor, Track ID and the IP tracking address 8.8.8.8.

When I did the backup tests of ISPs, they worked fine by disconnecting the network cable from the ASA to the primary ISP router. But in the primary ISP, when simulating a fiber optic interruption, the ISP backup does not work. The ASA is not able to detect that the primary ISP internet is failing.

I assume because while the ASA does not detect that the interface directly connected to the primary ISP router is down, it will not remove its static route from the route table.

Is there any way to do it? What am I setting wrong?

Thank you.

 

SOLVED:

 

Solved.
Both links are enabled on its interface by DHCP. Once the ip address was added manually, the problem was solved. :)
Thank you !!!

1 Accepted Solution

Accepted Solutions

Solved.
Both links are enabled on its interface by DHCP. Once the ip address was added manually, the problem was solved. :)
Thank you !!!

View solution in original post

10 Replies 10

Hi @leoandino

 

 How did you configured the sla monitor on ASA. It should validate by using icmp and if interface is down, means ping will fail, this should work.

 Can you share the config?

 

 

-If I helped you somehow, please, rate it as useful.-

Hi.

 

Thank you for request.

 

 

sla monitor 1

type echo protocol ipIcmpEcho 8.8.8.8 interface outside_GTD

num-packets 3

frequency 10

sla monitor schedule 1 life forever start-time now

 

!

track 1 rtr 1 reachability

 

route outside_GTD 0.0.0.0 0.0.0.0 190.34.x.x 1 track 1

route Outside_Entel 0.0.0.0 0.0.0.0 192.168.100.1 2

Looks fine and as expected reachability should be the trigger and not interface status. 

I recommend you to run "debug sla monitor trace " "debug sla monitor error " and repeat the test.

 

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

 

Hi..

 

How can I filter that debug in the handle? When you enable the logging monitor debuggin it is impossible to visualize.

Does not filter. Send it to a txt file. As much information is better.

 

 

 

-If I helped you somehow, please, rate it as useful.-

Hello,

 

Attached TXT file.

 

Unfortunately have no SLA log on the file.

Logs should look like:

IP SLA Monitor(123) Scheduler: Starting an operation
IP SLA Monitor(123) echo operation: Sending an echo operation
IP SLA Monitor(123) echo operation: RTT=0 OK
IP SLA Monitor(123) echo operation: RTT=0 OK
IP SLA Monitor(123) echo operation: RTT=1 OK
IP SLA Monitor(123) Scheduler: Updating result

 

-If I helped you somehow, please, rate it as useful.-

 

hi,

unfortunately I have no experience in ASA to capture the debug. Apply the mentioned commands, but I do not know why it is not displayed.   :(

Looks like the logging console is set to 7 on your firewall. 

Try "no logging console"  command and then run the debug again.

Then try  logging debug-trace

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

 

 

        

Solved.
Both links are enabled on its interface by DHCP. Once the ip address was added manually, the problem was solved. :)
Thank you !!!

Review Cisco Networking for a $25 gift card