02-20-2014 11:51 AM - edited 03-11-2019 08:48 PM
I currently have some small branch offices using ASA 5505 with Security Plus license and dual wan connections. They are configured wil an sla monitor so if the primary WAN goes down the secondary connection becomes active. This works as expected, however...
I can't ping the non-active interface from an outside source. I beleive this is by design or due to some limitation on the 5505. The problem is that I don't know if the backup WAN connection is functioning normally without forcing the ASA to make it active. We use a flaky wireless connection for the backups. The problem recently bit me because both WAN connections were offline.
I'm looking for an easy way to monitor the inactive wan interface, preferably by pinging from an outside location. Is this possible?
Solved! Go to Solution.
02-24-2014 06:05 PM
Hello,
This wont work because the ASA receives the ping on the backup link but has the default route pointing to the outside.
You would have to add a more spefic route for your IP.
Example:
If you want to ping coming from IP 1.1.1.1
route outside 0 0 x.x.1.1 1 track 1
route backup 0 0 x.x.2.2 250
route backup 1.1.1.1 255.255.255.255 x.x.2.2
Regards,
Felipe.
Remember to rate useful posts.
02-24-2014 12:00 PM
No activity... Is there a better area to post this question?
02-28-2014 11:57 AM
Thanks, this is exactly what I needed! I didn't realize it was a routing issue.
02-24-2014 06:05 PM
Hello,
This wont work because the ASA receives the ping on the backup link but has the default route pointing to the outside.
You would have to add a more spefic route for your IP.
Example:
If you want to ping coming from IP 1.1.1.1
route outside 0 0 x.x.1.1 1 track 1
route backup 0 0 x.x.2.2 250
route backup 1.1.1.1 255.255.255.255 x.x.2.2
Regards,
Felipe.
Remember to rate useful posts.
08-23-2017 08:46 AM
Hello,
is it possible to make it ping reachable to both interface. ? when we change route , other interface not alternatly can not ping.
Thanks
09-14-2017 02:21 PM
Hi!
I'm having the same problem with my network. Please, give me a light here.
I have dual ISP and I want to monitor my backup interface, that has the ip address of 192.168.1.0.
My routes are like this
NET 0 0 192.168.0.1 1 track 1
VIVO 0 0 192.168.1.1 254
my inside network is 192.168.50.0
I want to monitor the backup interface while it's in standby, is it possible?
I've tryied to apply some routing configurations, but without success.
Could someone here help me with this?
Thanks
02-24-2014 06:45 PM
Hello,
Also be aware of CSCsy89178, telnet and ssh work to the backup but icmp doesnt.
Regards,
Felipe.
Remember to rate useful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide