Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
4
Replies

PBR with tracking error

Go to solution
Lost & Found
Level 2
Level 2

‎11-06-2015 07:39 AM - edited ‎03-11-2019 11:50 PM

I already upgraded my ASA version to 9.4 and now it working with PBR.

But I'm having issues on setting up the sla monitor.

 

Test# sh track

Track 1

  Response Time Reporter 1 reachability

  Reachability is Up

  276 changes, last change 00:03:02

  Latest operation return code: OK

  Latest RTT (millisecs) 1

Track 2

  Response Time Reporter 2 reachability

  Reachability is Down

  1 change, last change 05:49:34

  Latest operation return code: Timeout

 

sla monitor 1

type echo protocol ipIcmpEcho 122.X.X.X interface outside

frequency 10

sla monitor schedule 1 life forever start-time now

sla monitor 2

type echo protocol ipIcmpEcho 121.X.X.X interface outside2

frequency 10

 

 

From FW: ping test on both WAN

T# ping 122.X.X.X

!!!!!

T# ping 121.X.X.X

!!!!!

all end point was able to ping.

 

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-06-2015 08:55 AM

I suspect what is happening is the IP SLA is using the default route to ping the IPs and so the traffic is sourced from outside2 but it goes out and comes back in via the outside interface.

You can use PBR for traffic generated by the device itself with IOS but it doesn't seem to be supported on the ASA or at least I can't find it.

So have you tied your PBR confiiguration to the IP SLA ?

If so try adding a host specific route to the ASA for the IP you are pinging on the outside2 interface ie.

route (outside2) 121.x.x.x 255.255.255.255 <next hop IP>

this should force the ping to go out of the right interface.

Unless of course the IPs you are pinging are the actual next hop IPs in which case not sure what is happening.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-06-2015 08:55 AM

I suspect what is happening is the IP SLA is using the default route to ping the IPs and so the traffic is sourced from outside2 but it goes out and comes back in via the outside interface.

You can use PBR for traffic generated by the device itself with IOS but it doesn't seem to be supported on the ASA or at least I can't find it.

So have you tied your PBR confiiguration to the IP SLA ?

If so try adding a host specific route to the ASA for the IP you are pinging on the outside2 interface ie.

route (outside2) 121.x.x.x 255.255.255.255 <next hop IP>

this should force the ping to go out of the right interface.

Unless of course the IPs you are pinging are the actual next hop IPs in which case not sure what is happening.

Jon

0 Helpful

Go to solution
Lost & Found
Level 2
Level 2
In response to Jon Marshall

‎11-07-2015 04:59 AM

Hi Jon,

Thanks. Youre right. Because upon check traffic is routing on 122.  Anyway ill the new conf. Ill just give you the update.

0 Helpful

Go to solution
Lost & Found
Level 2
Level 2
In response to Jon Marshall

‎11-13-2015 04:42 AM

Hi Jon,

I forgot to edit the post. now It's working. 

Thank you

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lost & Found

‎11-13-2015 04:42 AM

Sorry but can't see photo.

Can you post a "sh route" from your ASA ?

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card