01-31-2017 01:44 AM - edited 03-12-2019 01:51 AM
Hi all,
We have an ASA 5510 with two ISP lines, one for main use, and the other as a backup. Static routes are used where the main line is SLA tracked. When traffic fails over to the backup line, everything works fine. But when the main line becomes active again, everything apart from a UDP SIP connection goes back to the main line.
I have seen that this is because the connections are not cleared as floating-conn is set to 00:00:00, and the route is not remapped because the connection doesn't recreate. What is the best practice for setting this timeout? Would 1 minute be suitable?
Many thanks
Aaron
01-31-2017 05:02 AM
1 minute is suitable for this timer. This is also the value set in this Cisco document that details your exact issue:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113592-udp-traffic-fails-00.html
You can even set a 30 second timer if faster convergence is required.
01-31-2017 06:14 AM
Many thanks. I did see that, but on some other forums apparently 1 minute is too low. At least I don't have to manually enter clear conn now every time it happens.
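The change discussed in this thread, as an added ASA CLI example that is not part of the original posts. The peer address 192.0.2.10 is a constructed placeholder; port 5060 is assumed as the SIP port.

```cisco
! Added example. 192.0.2.10 is a placeholder peer address, and UDP/5060 is
! assumed to be the SIP port in use.

! Before: floating-conn is at its default of 0:00:00 (disabled), so an existing
! UDP flow keeps using the interface it was built on, even after the tracked
! primary route is reinstalled.
show running-config timeout

configure terminal
 ! After: when a better route to the destination becomes available, close the
 ! connection once this timer expires so it is rebuilt over the better route.
 ! 0:01:00 is the value suggested in the answer above; 0:00:30 is the shorter
 ! value it mentions for faster convergence.
 timeout floating-conn 0:01:00
end

! Verify the timer, then check which interface the SIP flow is using after
! the primary line has recovered.
show running-config timeout
show conn port 5060

! Manual one-off alternative for a single stuck peer, instead of a global
! clear conn:
clear conn address 192.0.2.10
```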