04-06-2011 06:51 PM - edited 03-11-2019 01:17 PM
Hello everyone,
I would like to set up a backup ISP on our ASA5510. Right now the firewall has the following command for the default gateway:
"route outside 0.0.0.0 0.0.0.0 114.324.321.33 1". I am changing this to
route outside 0.0.0.0 0.0.0.0 114.324.321.33 10 track 1 ...so I can set up SLA monitoring.
As soon as I enter the above command and remove the original "route outside 0.0.0.0 0.0.0.0 114.324.321.33 1" from the ASA, the internet connection drops.
Right now ASA interface Ethernet0/0 has the main ISP configured, and I am configuring interface Ethernet0/3 as backup.
interface Ethernet0/3
nameif backup
security-level 0
ip address 114.324.321.34 255.255.255.252
no shut
global (backup) 1 interface
route outside 0.0.0.0 0.0.0.0 114.324.321.33 10 track 1 ( Right now in firewall i have" route outside 0.0.0.0 0.0.0.0 114.324.321.33 1 " )
route backup 0.0.0.0 0.0.0.0 115.283.212.23 20 track 2
track 1 rtr 1 reachability
track 2 rtr 2 reachability
sla monitor 1
type echo protocol ipIcmpEcho 114.324.321.33 interface outside
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 115.283.212.23 interface backup
sla monitor schedule 2 life forever start-time now
----------------------------------------
Also, our firewall has a site-to-site VPN and 1 main IP configured for Exchange and remote access.
04-06-2011 07:22 PM
Hi,
ASA/PIX won't allow us to configure default routes with the same AD.
You can increase the AD value for the backup default route and apply the TRACK in the primary default route.
Also no need to apply the track to backup default route.
Updated configuration:-
interface Ethernet0/3
nameif backup
security-level 0
ip address 114.324.321.34 255.255.255.252
no shut
global (backup) 1 interface
route outside 0.0.0.0 0.0.0.0 114.324.321.33 1 track 1
route backup 0.0.0.0 0.0.0.0 115.283.212.23 254
track 1 rtr 1 reachability
sla monitor 1
type echo protocol ipIcmpEcho 114.324.321.33 interface outside
sla monitor schedule 1 life forever start-time now
Thanks
Karuppu
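An added example, not part of the original thread or any poster's own code: a small Python check that applies the rules from the reply above (distinct metrics on the default routes, a track on the lowest-metric route) to a pasted configuration, and also confirms that the tracked SLA operation exists and is scheduled. The function name `check_failover`, the sample addresses (RFC 5737 documentation ranges) and the rule that the probe interface must match the route interface are assumptions of this example.

```python
import re

ROUTE = re.compile(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+) (\d+)(?: track (\d+))?$")
TRACK = re.compile(r"track (\d+) rtr (\d+) reachability$")
SLA = re.compile(r"sla monitor (\d+)$")
ECHO = re.compile(r"type echo protocol ipIcmpEcho (\S+) interface (\S+)$")
SCHED = re.compile(r"sla monitor schedule (\d+) ")

# Constructed sample in the shape of the updated configuration (RFC 5737 addresses).
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
track 1 rtr 1 reachability
sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
sla monitor schedule 1 life forever start-time now
"""

def check_failover(config):
    """Return findings for the default routes and their SLA tracking."""
    routes, tracks, probes, scheduled, current = [], {}, {}, set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ROUTE.match(line):
            routes.append((m[1], int(m[3]), m[4]))  # interface, metric, track id
        elif m := TRACK.match(line):
            tracks[m[1]] = m[2]                     # track id -> sla id
        elif m := SCHED.match(line):
            scheduled.add(m[1])
        elif m := SLA.match(line):
            current = m[1]                          # next "type echo" belongs here
        elif (m := ECHO.match(line)) and current:
            probes[current] = m[2]                  # sla id -> probe interface
    findings = []
    if len({metric for _, metric, _ in routes}) != len(routes):
        findings.append("default routes share the same metric")
    if len(routes) > 1 and min(routes, key=lambda r: r[1])[2] is None:
        findings.append("lowest-metric default route has no track")
    for ifc, _, track in routes:
        if track is None:
            continue
        sla = tracks.get(track)
        if sla is None:
            findings.append(f"track {track} is not defined")
        elif probes.get(sla) != ifc:
            findings.append(f"sla monitor {sla} does not probe via {ifc}")
        elif sla not in scheduled:
            findings.append(f"sla monitor {sla} is never scheduled")
    return findings
```

`check_failover(SAMPLE)` returns an empty list; run it against the relevant lines of `show running-config` before removing the untracked route.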
04-06-2011 07:44 PM
Karuppu, thanks for the quick response, will try that and let you know.
04-07-2011 06:30 AM
As soon as I took out "route outside 0.0.0.0 0.0.0.0 173.251.14.33 1" and added "route outside 0.0.0.0 0.0.0.0 173.251.14.33 1 track 1", the internet went down.
Let me give you more information on how our ISP gateway is set up:
global (outside) 1 interface
nat (inside) 0 access-list HOME-REMOTENONAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Exchange2010 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https Exchange2010 https netmask 255.255.255.255
static (inside,outside) tcp interface 3389 10.10.10.203389 netmask 255.255.255.255
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 114.324.321.33 1
route inside 10.10.4.0 255.255.255.0 10.10.4.1 1
route inside 10.10.5.0 255.255.255.0 10.10.5.1 1
route inside 10.10.6.0 255.255.255.0 10.10.6.1 1
route inside 10.10.7.0 255.255.255.0 10.10.7.1 1
route inside 10.10.8.0 255.255.255.0 10.10.8.1 1
route inside 10.10.9.0 255.255.255.0 10.10.9.1 1
Pls help, thanks.
04-13-2011 08:32 PM
Any advice on this, pls.