cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2163
Views
5
Helpful
15
Replies

Configuring Failover DUAL ISP on Single ASA 5515X using Static Route SLA monitoring

V Rajshekar
Level 1
Level 1

I configured, 

 

interface GigabitEthernet0/0
description WAN
nameif outside
security-level 0
ip address 203.92.x,x 255.255.255.248

interface GigabitEthernet0/3
description TATA_WAN
nameif Backup-link
security-level 0
ip address 203.192.x.x 255.255.255.248

 

route outside 0.0.0.0 0.0.0.0 203.92.x.x 1 track 10
route Backup-link 0.0.0.0 0.0.0.0 203.192.x.x 2

 

track 10 ip sla 10 reachability

 

sla monitor 10
type echo protocol ipIcmpEcho 4.2.2.2 interface outside
frequency 5
sla monitor schedule 1 life forever start-time now

 

After I added this config, when I check "show route"  it does not display the default route.

1 Accepted Solution

Accepted Solutions

could you post the full output of show route before and after you add the tracking to the default route.

Also provide the full output of show sla monitor operational-state once you have added tracking.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

15 Replies 15

And what does "show route" display? And what gives "show sla monitor operational-state"?

This is odd behavior.  I set this up in my home lab and got the same result that when the SLA timeout the backup default route was not entered into the routing table.  I then removed the backup route and readded it using administrative distance 254 and that worked.  switch back to administrative distance 2 and now that also worked.  not sure what happened.

 

Try what I did, remove it, add it back with 254, test that it works, then remove and add it back with 2.

--
Please remember to select a correct answer and rate helpful posts

Thank you for the quick response.

 

As soon as I add the SLA monitoring config for the static route. The primary ISP link goes down and the route is deleted from the routing table and the failover also does not happening. I tried it with metric, 2, 10, 254 none of them helped.

is this a typo?

sla monitor schedule 1 life forever start-time now

 

it should be sla monitor schedule 10 life forever start-time now

--
Please remember to select a correct answer and rate helpful posts

@Marius Gunnerud Yes that was a typo. In the config s

la monitor schedule 10 life forever start-time now

Could you post the full running config of the ASA (remember to remove public IPs, usernames and passwords.)

--
Please remember to select a correct answer and rate helpful posts

Hi @Marius Gunnerud

 

 

Thank you. Here you go, this was taken when the issue occurred 

 

 

For now, i have removed the SLA configuration from the running config as it was causing issues.

This is the first time I have seen "track 10 ip sla 10 reachability" on an ASA.  I checked an ASA running version 9.6 and this command is not present on it.  could you try changing this to "track 10 rtr 10 reachability"

--
Please remember to select a correct answer and rate helpful posts

Hi @Marius Gunnerud

 

Sorry, I made a mistake while entering, i tried it with 

track 10 rtr 10 reachability

It still behaves the same

This is odd.  could you provide an output of show route before and after failover?

also issue the command show sla monitor operational-state before and after failover.

Also, have you tried a restart of the ASA?

--
Please remember to select a correct answer and rate helpful posts

 

Before performing the failover, as soon as the SLA is configured for the primary route, the route is removed. The primary link is still connected and running however for some reason ASA does delete the default routes. 

 

I will try rebooting, I have not tried that yet.

If it is removed the right when you add tracking to the route, then it sounds like there is an issue with reachability towards 4.2.2.2.  Perhaps it is dropped in a firewall in the path or a routing issue.  Are you able to ping 4.2.2.2 from the ASA?  What if you tried using 8.8.8.8?

--
Please remember to select a correct answer and rate helpful posts

Hi @Marius Gunnerud

 

I am able to ping 4.2.2.2 and 8.8.8.8 before adding the SLA config.

 

However, as soon as I add it, the default route is removed and failover does not happen.

could you post the full output of show route before and after you add the tracking to the default route.

Also provide the full output of show sla monitor operational-state once you have added tracking.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card