
Dual ISP with ASA and dynamic IPs on the outside

network770
Level 1

I have a site with an ASA5505 and 2 ISP connections, but the catch is that the 2 ISPs are giving me a dynamic IP, so I am unable to use this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Any idea?

How do my routes differ, etc.?

3 Replies

Julio Carvajal
VIP Alumni

Hello Ronni,

Why is this not going to work?

As soon as you always have the interface up and working it should succeed on the monitoring process.

You will have 2 ISP default gateway IP addresses, right?

So that is all you need, then select a target to monitor the SLA process.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I can't see how this will work, because with the dynamic IP from the ISP I don't have a default gateway defined; rather, I have 'ip address dhcp setroute' on the outside VLAN and that is taking care of my default gateway. Also, if I have no default gateway defined, how do I apply IP SLA and tracking, and on which route?

Can you please post a sample config, if you don't mind?

Hello Ronni,

So it's DHCP for the ISP, not for your interface.

That is different, I think you will need to have unless one destination IP address for the default gateway so you can use it to track it as there is no metric option on the following command:

interface gigabitEthernet 0/0

  ip address dhcp setroute

Right now I think that is the only option you have to make SLA work.

Here are the requirements for SLA on an ASA:

Requirements

Choose a monitoring target that can respond to ICMP echo requests. The target can be any network object that you choose, but a target that is closely tied to your ISP connection is recommended. Some possible monitoring targets include:

  • The ISP gateway address (You do not have it)
  • Another ISP-managed address
  • A server on another network, such as a AAA server, with which the security appliance needs to communicate
  • A persistent network object on another network (a desktop or notebook computer that you can shut down at night is not a good choice)

This document assumes that the security appliance is fully operational and configured to allow the Cisco ASDM to make configuration changes.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
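
A sample configuration of the kind requested above, added here as an example and not posted by anyone in the thread: it ties the DHCP-learned default route to an SLA track object using the ASA interface commands `dhcp client route track` and `dhcp client route distance`. The VLAN numbers, the `backup` interface name, the SLA/track IDs and the monitoring target 203.0.113.10 are assumptions and placeholders; pick a target that meets the requirements listed above.

```cisco
! Added example; IDs, VLAN numbers, interface names and the target are placeholders.
! SLA probe: ICMP echo to a persistent target reachable through the primary ISP.
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.10 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
!
! Track object 1 follows the reachability result of SLA probe 1.
track 1 rtr 1 reachability
!
! Primary ISP: the DHCP default route is installed only while track 1 is up.
! Enter the "dhcp client route" commands before "ip address dhcp setroute";
! if a lease is already held, re-enter "ip address dhcp setroute" afterwards.
interface Vlan2
 nameif outside
 security-level 0
 dhcp client route track 1
 dhcp client route distance 1
 ip address dhcp setroute
!
! Backup ISP: DHCP default route with a worse administrative distance,
! so it is used only when the tracked primary route is withdrawn.
interface Vlan3
 nameif backup
 security-level 0
 dhcp client route distance 254
 ip address dhcp setroute
!
! Outbound NAT and access rules must also exist for the backup interface,
! otherwise traffic fails over to a path that the policy does not permit.
```

After applying it, `show track 1` and `show route` show whether the probe is up and which default route is currently installed.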