04-01-2020 01:07 PM
I need some assistance configuring an automatic failover/backup route. My network has a primary ISP that connects to an ASA at one location and a backup ISP that connects to another ASA at a different location. Currently, if our primary ISP link goes down we have to manually change a static route on two layer-3 core switches to point to the secondary ASA/ISP. I would like to configure it to failover to the secondary automatically and failback when the primary comes back up. Any guidance is appreciated.
Thanks,
Solved! Go to Solution.
04-01-2020 02:08 PM
Hello,
have a look at the document below:
Configure the ASA for Redundant or Backup ISP Links
04-01-2020 01:19 PM
you can track the default route from isp for failover
04-01-2020 02:08 PM
Hello,
have a look at the document below:
Configure the ASA for Redundant or Backup ISP Links
04-02-2020 12:10 AM
Hi,
If you want a functional solution and not just some opinions, attach a diagram, even hand made and picture it, specifying the layer 3 devices (edge/core), the IP interconnects, what kind of static/dynamic routing you run where (internal routing in your network and external routing towards your ISP).
Regards,
Cristian Matei.
04-03-2020 06:36 AM
04-03-2020 06:52 AM
Hi,
Is dynamic routing between your switches and ASA's an option? Do you run any routing protocol currently?
Regards,
Cristian Matei.
04-03-2020 09:25 AM
Currently, we have a mix of Static routes and EIGRP.
04-04-2020 05:33 AM
Hi,
You could run EIGRP up to the two ASA's; on the ASA's sun EIGRP only on the inside interface. Configure default route on both ASA's, with tracking (in order to be redistributed via EIGRP only if the next-hop is reachable), and redistribute the default route into EIGRP on both ASA's, with a better metric from the ASA that you want to be preferred for Internet exit.
sla monitor 100
type echo protocol ipIcmpEcho 2.2.2.254 interface outside
num-packets 3
frequency 10
!
sla monitor schedule 100 life forever start-time now
track 1 rtr 100 reachability
route outside 0.0.0.0 0.0.0.0 203.0.113.2 1 track 1
!
prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
route-map DEFAULT_ROUTE permit 10
match ip address prefix DEFAULT_ROUTE
set metric xx xx xx xx xx
!
router eigrp 100
redistribute static route-map DEFAULT_ROUTE
Regards,
Cristian Matei.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide