ASA 5505 backup interface

amrinw1133
Level 1

Hello,

I have set up an ASA 5505 with 2 ISPs, named outside (primary) and backup. The scenario is: if outside goes down, then backup takes over, and it works now.

But it is not working when the primary connection cannot reach the gateway with the interface still up.

Is it possible for backup to take over automatically when the primary connection cannot reach the gateway?

Thanks in advance.

My configuration is:

ASA Version 8.2(1)
!
hostname cisco
domain-name default_domain
enable password ********* encrypted
passwd ********* encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.10.10.10 255.255.255.0
!
interface Vlan3
 no forward interface Vlan2
 nameif backup
 security-level 0
 ip address 172.20.10.10 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 1
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default_domain
same-security-traffic permit intra-interface
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu backup 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (inside) 1 interface
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
access-group inside_out in interface inside
access-group outside_in in interface outside
access-group backup_in in interface backup
route outside 0.0.0.0 0.0.0.0 172.10.10.1 1
route backup 0.0.0.0 0.0.0.0 172.20.10.1 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 1048575
dhcpd auto_config outside
!
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:24af050f332deab3e38eb578f8081d05
: end

Accepted Solution

varrao
Level 10

Hi Amrin,

you can configure SLA monitoring on ASA and that would work fine for you:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

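As an added example (not from the thread or the linked Cisco document), this is the SLA monitor and track configuration that makes the posted default routes fail over on gateway reachability rather than on link state; it reuses the poster's addresses and interface names, while the SLA ID 123, track ID 1 and probe timers are arbitrary choices.

```cisco
! Added example, not the poster's config: probe the primary ISP gateway
! (172.10.10.1 from the posted route) with ICMP echo out of "outside".
! SLA ID 123 and track ID 1 are arbitrary.
sla monitor 123
 type echo protocol ipIcmpEcho 172.10.10.1 interface outside
 num-packets 3
 frequency 10
 timeout 1000
sla monitor schedule 123 life forever start-time now
!
! Track object 1 follows the probe: it goes down when replies stop,
! even if the Vlan2 interface itself stays up.
track 1 rtr 123 reachability
!
! The primary default route is only installed while track 1 is up;
! when it is withdrawn the backup route (distance 254) takes over,
! and it is re-installed automatically once the probe succeeds again.
route outside 0.0.0.0 0.0.0.0 172.10.10.1 1 track 1
route backup 0.0.0.0 0.0.0.0 172.20.10.1 254
!
! Verification after applying the config:
show sla monitor operational-state 123
show track 1
show route
```

Probing the directly connected gateway only detects the gateway itself failing; a target further upstream also catches loss of the ISP's transit, provided it answers ICMP reliably. Existing translations built on the outside interface are not moved when the route changes, so long-lived sessions may need `clear xlate` after a failover.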

4 Replies


Hi Varun,

Is it possible to configure SLA monitoring if one link has point-to-point connectivity and the other link is just a normal internet link?

Hello Prashant,

All you need for SLA monitoring is a route for the target (so that the route entry can be monitored using ICMP traffic), so you do not have to worry about the type of link.

Please rate helpful posts.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Varun,

Thank you for your helpful information; the SLA monitoring works well.

Thanks a lot