Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2835
Views
0
Helpful
3
Replies

SLA Tracking in ASA

Syed Yasir Imam
Beginner
Beginner

‎12-13-2013 02:30 PM - edited ‎03-11-2019 08:17 PM

Hi,

I am trying to understand SLA tracking "timers and time-outs" but unfortunately not feeling comfortable/confident with my understanding. Need some help!

==========================================

sla monitor 123

   type echo protocol ipIcmpEcho 192.168.1.2 interface INSIDE

   num-packets 3

   timeout 120000

   frequency 120

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability

route INSIDE 0.0.0.0 0.0.0.0 192.168.1.2 track 1

route INSIDE 0.0.0.0 0.0.0.0 192.168.1.1 254

AGENDA-1:

192.168.1.2 is firewall's static default gateway which if down, should be changed to 192.168.1.1. Firewall should consider the primary gateway (192.168.1.2) down if it doesn't respond to ping till 6 minutes. Probe routine shouldn't be very chatty, therefore probe routine should start new probe after 2 minutes - in other words, last state of tracked object will remain as it is till 2 minutes.Have i used above commands correctly?

AGENDA-2:

When 192.168.1.2 (primary default gateway) comes up again, i want to check its stability before any change in routing decision. Can I check if primary gateway (192.168.1.2) is now stable that is responded successfully till 6 minutes, now is the time to revert back the default route from backup gateway (192.168.1.1) to primary gateway (192.168.1.2)?

Labels:
0 Helpful
3 Replies 3