Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1478
Views
7
Helpful
2
Replies

Cisco Firepower - IP SLA with ECMP Zone

AlexandreMoniot
Level 1
Level 1

‎02-23-2023 01:50 AM

Hello,


I have a cluster of Firepower 3120 in HA (active/passive). In two different tech room. They are managed by FMC. Devices are in version 7.3.

I have 2 ISP (ISP1 and ISP2) with 1Gbps link each and i set up an ECMP zone for loadbalancing the traffic between this two links.

I have a third ISP (ISP3) with 100Mbps link capacity.

Physically, ISP1 and ISP2 arriving in Room1 and ISP3 arriving in Room2.

With this configuration, if i unplug ISP1 or ISP2, the routing table is not updated and i lost some traffic.

Waht i would like to do is configuring an IP SLA rule between this two link. If one link fails, i want all the traffic passing by the other one.

Is activating IP SLA object on the statics routes is suffisant to do this?

An other question, in fact that my two main ISP's routers are located in the same room, if for some reason i lost this room (powerloss for example), is it possible to configure a second IP SLA law which activate the 3rd ISP link if i lose ISP1 and ISP2.

Thanks for your help.

Regards

2 Replies 2

lciccare
Cisco Employee
Cisco Employee

‎03-15-2023 04:44 AM

Hi @AlexandreMoniot.

As I understand, you have a similar configuration as the one shown in the Firepower Management Center Device Configuration Guide, 7.1 - Chapter: ECMP :

lciccare_1-1678880296449.png

 

If you followed the configuration provided in the guide:

"R3, follows R4>R1>R3 or R4>R2>R3, based on the ECMP algorithm. If R1>R3 route is lost, the traffic flows through R2 without any packet drops. Similarly, the response from R3 can be received by Outside2 though the packet was sent from Outside1. In addition, when the network traffic is heavy, R4 distributes them between the two routes and thus balances the load. "

Let me know if it was useful and in case it was not, please provide me with information about the configuration.

 

You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.

 

Kind regards,

Luca

AlexandreMoniot
Level 1
Level 1
In response to lciccare

‎06-16-2023 07:53 AM

Hi Luca,

Sorry for the late reply, i haven't been notify of a reply on this thread.

Since, i have managed to make it work as expected.

Thank you again for the help, it may helps someone.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card