Permanent route on Cisco ASA

ms-tech-001
Level 1

Can I please know if there is any way to make a permanent static route on a Cisco ASA 5506-X? I am basically looking for a PPPoE route to be available in the routing table all the time, so that my backup route won't get activated when there is some issue with the primary connection.

Thanks.

MS

5 Replies

Dinesh Moudgil
Cisco Employee

You can use the metric to define which route is chosen, but once that route is down, the other route (with the higher metric) will take over.


Is there any specific reason you want to keep the backup route but not have it activated once the primary goes down?

I'd suggest you have IP SLA set up to monitor the ISP links:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html


Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Thanks for the reply Dinesh. We have two ISPs connected to our ASA, one for general internet traffic and the second one dedicated to VoIP. We are using a route-map to send the VoIP traffic to the backup connection. We thought about SLA monitoring, but we have only the Base license. I believe that you need a Security Plus license to enable SLA? Also, we noticed an issue with the route-map when the backup connection becomes active, and I think this issue will continue even if we proceed with SLA monitoring. Our route-map ACL is configured to permit only the VoIP gateway to use the backup connection, and this works fine when both connections are active, but as soon as the primary route disappears from the routing table, all other devices start to use the backup connection. Can I please know why this is happening and whether there is any way to stop it?

Thanks

MS

One thing that you can try is to modify the access-list applied to the PBR on the second ISP (the one dedicated to the VoIP gateway) so that the data traffic is implicitly dropped by the deny in the access-list.

Regards
Dinesh Moudgil


Thanks Dinesh. I will try your suggestion. I was under the impression that there is an implicit deny at the end of the route-map ACL. Do you know if SLA monitoring requires a Security Plus license? I enabled the SLA monitor, but the debugging is not showing anything.

IP SLA monitoring can be configured on all license types; there are no specific license requirements for this feature.

I doubt this is possible via PBR. Selective traffic propagation might not work, as the track will fail over all the traffic. You might want to create an entry in an access-list applied on the ingress interface that blocks the traffic which should not be allowed via the second ISP.

Hope this helps.

Regards
Dinesh Moudgil

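To illustrate the two pieces discussed in this thread (IP SLA tracking of the primary default route and a PBR route-map whose ACL matches only the VoIP gateway), here is a constructed ASA configuration fragment. It is an added example, not the poster's configuration; it assumes ASA 9.4 or later (where interface PBR is available), interface names "outside", "backup" and "inside", and placeholder addresses 198.51.100.1 (ISP1 gateway), 203.0.113.1 (ISP2 gateway) and 192.0.2.10 (VoIP gateway).

```cisco
! Constructed example, not the poster's config; all addresses are placeholders.
! IP SLA probe: ping the ISP1 gateway out of the primary interface every 5 s.
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside
 frequency 5
sla monitor schedule 10 life forever start-time now
! Track object 1 follows the reachability result of SLA 10.
track 1 rtr 10 reachability
! Primary default route is withdrawn when track 1 goes down;
! the backup default route (metric 254) then takes over for all traffic.
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
route backup 0.0.0.0 0.0.0.0 203.0.113.1 254
! PBR: only the VoIP gateway is steered to ISP2 while the primary is up.
! Traffic not matched by this ACL follows the routing table, so once the
! primary route disappears it will also use the backup route.
access-list PBR_VOIP extended permit ip host 192.0.2.10 any
route-map PBR_VOIP permit 10
 match ip address PBR_VOIP
 set ip next-hop 203.0.113.1
interface GigabitEthernet1/2
 nameif inside
 policy-route route-map PBR_VOIP
```

Check the probe with `show sla monitor operational-state 10` and `show track 1`; when the track is down, `show route` should list only the backup default route, which explains the behaviour the original poster observed.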