ASA with redundant default route

alex goshtaei
Level 1

Hi All,

We have an ASA 5510. It's connected to the internet and the MPLS cloud by the outside and inside interfaces respectively. We'd like to set up the EIGRP routing protocol on the ASA so that, if the internet link goes down, the default route will be changed to the MPLS cloud. We added delay on the MPLS router interface, so it is used as backup, and populate the (0.0.0.0) network from both the internet and MPLS routers to the ASA.

Is there any documentation for setting up a preferred route by EIGRP on the ASA? There is a document for IOS routers, but the ASA looks different.

Thanks

Alex

1 Accepted Solution

Honestly, if you have just one exit point for failover, it would be easier to set one static route like my original answer.

Assuming that the Internet router goes down, your default route from your ASA now points to your internet router (I'm assuming without seeing your routing table). If that router goes down, now your default route no longer responds. You'll need to set another default route on your ASA to be used in case your other router doesn't respond:

Internet router: 1.1.1.1

MPLS router: 2.2.2.2

Route statements on ASA:

route outside 0.0.0.0 0.0.0.0 1.1.1.1

route inside 0.0.0.0 0.0.0.0 2.2.2.2 254

In THEORY, this should work, so I wouldn't do it until after hours to test it. When the 1.1.1.x route no longer responds, it will automatically roll over to the floating route and start sending all traffic that's not known to it to your MPLS side.

HTH,

John
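
An added example, not part of the original thread: the floating-static pair from the answer above with ASA static route tracking on the primary route, so that route is withdrawn when 1.1.1.1 stops answering probes and not only when the outside interface itself goes down. The SLA and track ID 1 and the probe timers are assumed values; 1.1.1.1 and 2.2.2.2 are the thread's placeholder addresses.

```cisco
! Added example (not from the thread). ID 1 and the timers are assumed values.
! Probe the internet router (thread placeholder 1.1.1.1) through the outside interface.
sla monitor 1
 type echo protocol ipIcmpEcho 1.1.1.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
!
! Track object 1 follows the reachability result of SLA operation 1.
track 1 rtr 1 reachability
!
! Primary default route: installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 track 1
! Floating backup via the MPLS router: AD 254, installed once the primary is withdrawn.
route inside 0.0.0.0 0.0.0.0 2.2.2.2 254
!
! Verification:
!   show track 1
!   show sla monitor operational-state 1
!   show route
```

After failover the traffic leaves through the inside interface, so check that the NAT and access rules written for the outside path also cover the inside path.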


John Blakley
VIP Alumni

If you're wanting EIGRP routes to be preferred over the static, then you'll need to add your static route with a higher AD (something like 250):

route outside 0.0.0.0 0.0.0.0 1.1.1.1 250

Your EIGRP routes will have an AD of 90, so they'll be preferred as long as the neighbor is up and doesn't withdraw its routes. I hope I'm understanding what you want.

HTH,

John


Thanks for your reply,

So on the router that's running EIGRP, we have to add the (network 0.0.0.0 255.255.255.255) command to populate it to the ASA? And how does the ASA know to route traffic from inside or outside when it gets the routing table from the router running EIGRP?

Thanks

Alex

I'm sorry Alex. I don't think I understood your question. Are you wanting to share your EIGRP table from your router to the ASA, or are you wanting to supply a default route to the ASA from the router?

Does this look like your topology:

Router

   |

ASA

   |

LAN

If you only have the one device between the ASA and the router, it would be easier to just create a static default route on the ASA pointing to your router. Then you'd only have to worry about managing the EIGRP routes on the router and not two devices. Does your ASA have multiple paths out of the network?

HTH,

John


Sorry for my unclear question. Here is the topology:

MPLS router -- inside ASA -- outside ASA -- internet router

If the internet router is down, we want the ASA to route all traffic from inside to the MPLS router. The service provider is running EIGRP on both the MPLS and internet routers.

Thanks

Alex
