How to configure an alternative network exit?

Roberto_BL · ‎01-23-2018

Hello, this is my first post in this community, we have a Cisco ASA 5512-X and two networks in our system, one primary and one secondary, me connect to the internet through the primary network but we want to configure also the secondary network so in case of disaster we will be able to connect to the internet using this secondary network, this is possible?

Thanks!

Bogdan Nita · ‎01-23-2018

Hi @Roberto_BL and welcome to the community,

ASA does support tracking routes in order to enable backup internet connections.

Here is a link on how to configure it:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

HTH

Bogdan

Roberto_BL · ‎01-24-2018

Hello and thank you for your quick response! , i tried to follow the article you send me step by step and i'm haven't been able to made it work.

In the last part of the article there are a part called "Confirm that the Backup Route is Installed (ASDM Method)"and i followed the steps and the result is incorrect.

The only diference between the configuration of the article and my configuration is that my main interface have a IP given by DHCP and the secondary uses PPPoE, any ideas?

Bogdan Nita · ‎01-24-2018

Getting your IPs over DHCP or PPPoE could be a problem if the default gateway is changing.

Because you are actually using static routes, you will have to point the routes to the correct next hop IP.

If the default gateway provided by the ISP stays the same config should be working.

At the "Confirm that the Backup Route is Installed (ASDM Method)" part I assume you are able to view the primary route, but you are not able to see the backup route.

After forcing the primary connection to fail, you can have a look at your checks using:

show sla monitor operational-state
show track

If the primary connection failed, the check should report failed as well.

HTH

Bogdan