ASA 5510 with redundant dual ISP with DCHP?

ljoosten53130 · ‎09-17-2012

I have an ASA 5510 with one primary ISP with a static IP block amd a 2nd ISP with DHCP IP adresses.

I want to use the 2nd as a backup if the primary fails.

I do have it setup as below, but it is not failing over when the primary goes down.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(2)
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 12.145.160.154 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/2
nameif backup
security-level 0
dhcp client route distance 254
ip address dhcp setroute
!
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
access-list inside_nat0_outbound extended permit ip any 192.168.0.224 255.255.255.224
access-list inside-networks standard permit 192.168.0.0 255.255.255.0
mtu outside 1500
mtu inside 1500
mtu backup 1500
icmp unreachable rate-limit 1 burst-size 1
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.145.160.153 128 track 1
sla monitor 123
type echo protocol ipIcmpEcho 12.145.160.153 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability
dhcp-client client-id interface backup
dhcpd auto_config outside
!
: end

Result of the command: "show running-config sla monitor"

sla monitor 123
type echo protocol ipIcmpEcho 12.145.160.153 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now

Result of the command: "show sla monitor configuration 123"

IP SLA Monitor, Infrastructure Engine-II.
Entry number: 123
Owner:
Tag:
Type of operation to perform: echo
Target address: 12.145.160.153
Interface: outside
Number of packets: 3
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Type Of Service parameters: 0x0
Verify data: No
Operation frequency (seconds): 10
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Enhanced History:

Result of the command: "show sla monitor operational-state"

Entry number: 123
Modification time: 08:53:30.913 UTC Fri Sep 14 2012
Number of Octets Used by this Entry: 1480
Number of operations attempted: 27449
Number of operations skipped: 0
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: FALSE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): 1
Latest operation start time: 13:08:10.913 UTC Mon Sep 17 2012
Latest operation return code: OK
RTT Values:
RTTAvg: 1 RTTMin: 1 RTTMax: 1
NumOfRTT: 3 RTTSum: 3 RTTSum2: 3

Result of the command: "show route"

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 12.145.160.153 to network 0.0.0.0

C    67.53.130.0 255.255.255.0 is directly connected, backup
C    192.168.0.0 255.255.255.0 is directly connected, inside
S    192.168.0.233 255.255.255.255 [1/0] via 12.145.160.153, outside
C    12.145.160.152 255.255.255.248 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [128/0] via 12.145.160.153, outside