Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4327
Views
0
Helpful
3
Replies

ASA 5505 with two ISP connections

mohammed.amer
Level 1
Level 1

‎05-05-2008 02:20 AM - edited ‎03-11-2019 05:40 AM

I have an ASA 5505 with two internet connections to two different ISPs, i followed the document "ASA/PIX 7.x: Redundant or Backup ISP Links

Configuration Example

Document ID: 70559" in cisco site and it succeeded to move from the main ISP connection to the Backup ISP due to the failure in the main ISP connection , but the problem is that the firewall doesn't return back to the main ISP connection when it comes up again

anybody can help??

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎05-05-2008 03:38 PM

Could you post the asa config.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

bluisana
Level 1
Level 1

‎02-25-2010 04:30 PM

Were you able to make this work?  Is there a way to send notifications when the connection switches to failover or back to the main connection?

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to bluisana

‎02-25-2010 05:04 PM

Yes, when a failover occurs it will log that in the syslogs and you can have these logs sent over as e-mail alerts.

Pls. refer here:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1773126

hostname(config)# logging mail critical

hostname(config)# logging from-address ciscosecurityappliance@example.com

hostname(config)# logging recipient-address admin@example.com

hostname(config)# smtp-server pri-smtp-host sec-smtp-host

I had answered something similar on another thread which you can read here:
https://supportforums.cisco.com/thread/2004158;jsessionid=8637C493FE7EE5B5A436EAEEAABE9C37.node0?tstart=0

CSCtc16148
CSCsk65652

Check them both out. Neither of them is resolved yet.

Symptom:

Route Tracking may fail to fail back to the primary link/route when restored.

Conditions:

SLA monitor must configured along with ip verify reverse path on the tracked interface.

Workaround:

1. Remove ip verify reverse path off of the tracked interface

or

2. add a static route to the SLA target out the primary tracked interface.

Further Problem Description:

N/A



-KS
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card