Solved: SLA monitor on dual dynamic ISP ASA5505

jorgeningvald · ‎11-19-2013

Hello,

Trying to figure out if possible to run SLA monitor if I have dual dynamic ISP (DHCP), as both interfaces have setroute. How can I then track one of the connections?

Best regards

Jorgen

Marius Gunnerud · ‎11-19-2013

If you click on the link I provided it will take you to the section in the document where you will find the configuration required and explanation for the commands.

sla monitor 10

type echo protocol ipIcmpEcho interface

sla monitor schedule 10 start-time now life forever

track 1 rtr 10 reachability

interface phy_if

dhcp client route track track_id

the IP address in the sla monitor command should be a reliable address (perhaps a DNS server on the internet lik 4.2.2.2), that is if you do not have an IP at the ISP end you can ping.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

jumora · ‎11-19-2013

On the interface that you are not doing the tracking you need to modify the ad distance, this is done the next way:

enable

config t

interface vlan 3

dhcp client route distance 254

The interface VLAN 3 is the interface backup where you will have your backup ISP. For obvious reasons the interface needs a nameif this is just an example on how to set the route distance.

Juan Mora

We help you rate it!!!

Value our effort and rate the assistance!

View solution in original post

Marius Gunnerud · ‎11-19-2013

You would configure tracking as normal but on the physical interface you would add an extra command. Keep in mind that you MUST have the setroute keyword on the IP address command.

interface phy_if

dhcp client route track track_id

ip address dhcp setroute

You can configure static route tracking for  statically defined routes or default routes obtained through DHCP or  PPPoE. You can only enable PPPoE clients on multiple interface with  route tracking.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1090243

--
Please remember to select a correct answer and rate helpful posts

jorgeningvald · ‎11-19-2013

Thanks Marius,

Can you help me with the commands that I need, have never done SLA monotoring.

Marius Gunnerud · ‎11-19-2013

If you click on the link I provided it will take you to the section in the document where you will find the configuration required and explanation for the commands.

sla monitor 10

type echo protocol ipIcmpEcho interface

sla monitor schedule 10 start-time now life forever

track 1 rtr 10 reachability

interface phy_if

dhcp client route track track_id

the IP address in the sla monitor command should be a reliable address (perhaps a DNS server on the internet lik 4.2.2.2), that is if you do not have an IP at the ISP end you can ping.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

jumora · ‎11-19-2013

On the interface that you are not doing the tracking you need to modify the ad distance, this is done the next way:

enable

config t

interface vlan 3

dhcp client route distance 254

The interface VLAN 3 is the interface backup where you will have your backup ISP. For obvious reasons the interface needs a nameif this is just an example on how to set the route distance.

Juan Mora

We help you rate it!!!

Value our effort and rate the assistance!

jumora · ‎11-19-2013

Good example on the next link:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/d2.html#wp1947262

Value our effort and rate the assistance!

jumora · ‎11-19-2013

The reason is because DHCP addresses always give out an AD of 1 and the ASA will not install two default routes on two separate interfaces with the same AD and same prefix.

Value our effort and rate the assistance!

jumora · ‎11-19-2013

Rate our assistance since we deserve it!!

Thanks

Value our effort and rate the assistance!