Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1806
Views
0
Helpful
5
Replies

ASA Failover

M Rinaldy Aulia
Level 1
Level 1

‎10-21-2019 09:18 PM - edited ‎02-21-2020 09:36 AM

Hi All,

 

I have a question during my project for ASA High Availability

Here's the topology :

Topology.JPG

 

The Failover already working, but one point was not working .

So if we remove cable from ISP 1 (orange cable / A), the traffic didn't go through ISP 2.

 

But if we shutdown manually connection of ASA - Switch Edge (Orange Cable / Point B) and automatically ASA Secondary Orange Cable will be shutdown due sync.. The traffic will working to ISP 2.

 

We are using 2 IP Route and SLA for the configuration

 

 

route Outside3 0.0.0.0 0.0.0.0 123.231.x.x 1 track 1
route Outside 0.0.0.0 0.0.0.0 202.159.x.x 2

sla monitor 1
 type echo protocol ipIcmpEcho 123.231.x.x interface Outside3
sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability

 

 

Do you have any idea about this one? What I should to do for troubleshoot?

1 person had this problem
0 Helpful
5 Replies 5

Deepak Kumar
VIP Alumni
VIP Alumni

‎10-21-2019 09:45 PM

Hi,

Try to make SLA timeout after some specific timing and packet drop as:

sla monitor 1
 type echo protocol ipIcmpEcho 123.231.x.x interface Outside3
num-packets 3
frequency 3

It will make SLA down after 9 to 12 seconds. 

 

Second Question: Are your both WAN links under the failover monitor? 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

M Rinaldy Aulia
Level 1
Level 1
In response to Deepak Kumar

‎10-21-2019 10:20 PM

Hi Deepak,

 

Thank you.

i will confirm again at my customer site, for the timeout.

But As I remember, there’s already a timeout during the SLA.

 

because When I show route on ASA (if the cable from ISP1 - Switch Edge removed), route 0.0.0.0 0.0.0.0 already via ISP 2. And ASA can ping to internet

But from the user, we still can’t ping internet.

 

So we need to shutdown first Interface from ASA - Switch Edge (Traffic to ISP1)

 

No i didnt put monitor on interface WAN.

And the interface to ISP 1 and 2 doesnt have a standby IP, since availability

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to M Rinaldy Aulia

‎10-21-2019 11:30 PM

Hi,

As you said that you can ping the Internet via ISP2 but no internet on the client system then I am assuming some more testing as:

1. Is DNS working during this downtime?

2. Is Xlate table issue?

3. Is the system failover happening after disconnecting the cable?

4. Is routing table updating (as you can ping the internet using ISP2 so I don't think routing table issue? This may be due to SLA & tracker.

 

Could you check the above things and share running configuration with logs.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

M Rinaldy Aulia
Level 1
Level 1
In response to Deepak Kumar

‎10-22-2019 01:59 AM

Hi Deepak,

 

1. Is DNS working during this downtime? I assuming the DNS working, but user no internet connection during ISP 1 Fail (without shutdown the interface). I only can ping the internet from ASA

2. Is Xlate table issue? I'm not yet touching this area.

3. Is the system failover happening after disconnecting the cable? No, failover not happening.

4. Is routing table updating (as you can ping the internet using ISP2 so I don't think routing table issue? This may be due to SLA & tracker // Yes, it's updating the 0.0.0.0 0.0.0.0 to ISP2 

 

Could you check the above things and share running configuration with logs.

Preview file
271 KB
0 Helpful

M Rinaldy Aulia
Level 1
Level 1
In response to Deepak Kumar

‎10-22-2019 02:00 AM

Hi Deepak,

 

Attached the show run configuration

Preview file
271 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card