09-18-2018 03:21 AM
Hello. In our company we have a Cisco ASA on the perimeter. We have one provider and the default route goes to them. The connection between the company and the provider is Layer 2 MPLS. Often the provider's MPLS appliance goes down. We lost the connection to the other companies' servers. Right now we access the other companies' servers through the Internet. So we decided to make direct L2 (without MPLS) connections with the other companies. But we will still access the Internet through our old provider (MPLS). I want an uninterruptible connection with the other companies. So I will configure the direct connections as static routes with a lower metric and the default route with a higher metric. Is this configuration OK?
ASA(config)# route outside 192.168.10.0 255.255.255.0 10.10.10.1 1
ASA(config)# route outside 192.168.20.0 255.255.255.0 20.20.20.1 1
ASA(config)# route outside 0.0.0.0 0.0.0.0 192.168.41.1 254
All information in the attachment.
Please help.
09-18-2018 05:52 AM - edited 09-18-2018 05:58 AM
Hi,
This configuration will work whether your physical interface is down not the MPLS:
route outside 0.0.0.0 0.0.0.0 192.168.41.1 254
Now you could configure an IP SLA and a track to monitor the connectivity and, if it is down, move the traffic to the backup link.
A configuration can be:
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface OUTSIDE <-- your primary outside interface (MPLS nameif)
num-packets 5
frequency 10
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route OUTSIDE 0 0 X.X.X.X track 1 <--- your primary default route.
OUTSIDE = Primary path
OUTSIDE2 = Your backup
8.8.8.8 = it is just a destination IP; you can select one known via the MPLS.
Now if you want to have a 3rd path you could make something similar or use EEM to execute a script.
Hope it answered your question.
:-)
09-20-2018 12:36 AM
Dear Julio.
There's no 2nd Internet provider right now. 192.168.41.1 (MPLS router) is the only gateway for OUTSIDE.
There's no backup default route. So I don't see any meaning in configuring IP SLA.
Direct connections with the companies will give me uninterruptible access to their services without the need for MPLS.
I just want to get rid of MPLS when connecting to the other companies' servers. All other traffic will go OUTSIDE through MPLS.
So I want to configure direct L2 connections with a lower metric and the default route (MPLS) with a higher metric. Is this OK?
ASA(config)# route outside 192.168.10.0 255.255.255.0 10.10.10.1 1 (lower metric)
ASA(config)# route outside 192.168.20.0 255.255.255.0 20.20.20.1 1 (lower metric)
ASA(config)# route outside 0.0.0.0 0.0.0.0 192.168.41.1 254 (higher metric)
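Added example, not part of the thread and not Cisco code: a small Python model of how a static routing table picks a next hop, run over the three routes from the question. It assumes the usual selection order (longest matching prefix first, with the trailing distance value compared only between routes to the same prefix) and that a tracked route is withdrawn while its track object is down; `parse_route`, `lookup` and `down_tracks` are names made up for this sketch, and the parser accepts only fully written addresses and masks.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three static routes exactly as posted in the question.
THREAD_ROUTES = [
    "route outside 192.168.10.0 255.255.255.0 10.10.10.1 1",
    "route outside 192.168.20.0 255.255.255.0 20.20.20.1 1",
    "route outside 0.0.0.0 0.0.0.0 192.168.41.1 254",
]

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    distance: int = 1
    track: Optional[int] = None  # track object id; None means untracked

def parse_route(line: str) -> Route:
    """Parse 'route <nameif> <dest> <mask> <gateway> [distance] [track <id>]'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "route":
        raise ValueError(f"not a static route: {line!r}")
    prefix = ipaddress.IPv4Network(f"{tok[2]}/{tok[3]}")
    rest, distance, track = tok[5:], 1, None
    if rest and rest[0].isdigit():
        distance, rest = int(rest[0]), rest[1:]
    if len(rest) == 2 and rest[0] == "track":
        track = int(rest[1])
    return Route(prefix, tok[4], distance, track)

def lookup(routes, dst, down_tracks=frozenset()):
    """Return the next hop chosen for dst, or None if no installed route matches."""
    addr = ipaddress.IPv4Address(dst)
    # Routes whose track object is down are treated as withdrawn (assumption).
    live = [r for r in routes if r.track not in down_tracks and addr in r.prefix]
    if not live:
        return None
    # Longest prefix wins; distance only breaks ties between equal prefixes.
    return min(live, key=lambda r: (-r.prefix.prefixlen, r.distance)).next_hop

if __name__ == "__main__":
    table = [parse_route(line) for line in THREAD_ROUTES]
    for dst in ("192.168.10.5", "192.168.20.9", "8.8.8.8"):  # constructed test addresses
        print(dst, "->", lookup(table, dst))
```

In this model the /24 routes are chosen for the partner subnets whatever distance the default route carries, and a tracked default route that goes down leaves Internet-bound traffic with no route unless a second default exists.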