10-30-2020 11:17 AM
Hi team! The community forum deleted my previous post, considering it a "double post"... don't know why)
My goal is to achieve auto switch to backup ISP YOTA if primary OUTSIDE goes down...
1. There are no static routes, is that correct?
2. The ASA accepts only one line with dhcpd auto_config OUTSIDE;
if I enter the command dhcpd auto_config YOTA, it overwrites the previous OUTSIDE.
interface GigabitEthernet1/1
 nameif OUTSIDE
 security-level 0
 dhcp client route track 10
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 nameif YOTA
 security-level 0
 dhcp client route distance 254
 ip address dhcp setroute
!
sla monitor 100
 type echo protocol ipIcmpEcho 8.8.4.4 interface OUTSIDE
 num-packets 5
 threshold 6000
 frequency 10
sla monitor schedule 100 life forever start-time now
!
track 10 rtr 100 reachability
!
dhcp-client client-id interface OUTSIDE
dhcp-client client-id interface YOTA
dhcpd auto_config OUTSIDE
!
dhcpd address 192.168.22.100-192.168.22.200 INSIDE
dhcpd dns 1.1.1.1 208.67.222.222 interface INSIDE
dhcpd enable INSIDE
10-30-2020 11:39 AM
off topic)
ssh version 2
I just reloaded the ASA and saw this... why does it show that I am using v1?
Reading from flash...
!!!...WARNING: This command will not take effect until interface 'OUTSIDE' has been assigned an IPv4 address
WARNING: SSH version 1 is not secure. It is recommended that only SSH version 2 be used. SSH version 1 support will be removed in a future release.
*** Output from config line 202, "ssh 0.0.0.0 0.0.0.0 OUTS..."
WARNING: SSH version 1 is not secure. It is recommended that only SSH version 2 be used. SSH version 1 support will be removed in a future release.
*** Output from config line 203, "ssh 0.0.0.0 0.0.0.0 INSI..."
WARNING: This command will not take effect until interface 'MGMT' has been assigned an IPv4 address
WARNING: SSH version 1 is not secure. It is recommended that only SSH version 2 be used. SSH version 1 support will be removed in a future release.
*** Output from config line 204, "ssh 0.0.0.0 0.0.0.0 MGMT"
WARNING: This command will not take effect until interface 'MGMT' has been assigned an IP address
*** Output from config line 209, "management-access MGMT"
10-30-2020 11:40 AM
ASA5506X# sh run | i ssh
aaa authentication ssh console LOCAL
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh 0.0.0.0 0.0.0.0 INSIDE
ssh 0.0.0.0 0.0.0.0 MGMT
ssh timeout 40
ssh version 2
ssh key-exchange group dh-group14-sha1
ASA5506X#
10-30-2020 03:14 PM - edited 10-31-2020 07:14 AM
ip address dhcp <-- this means the ASA acts as a DHCP client; in your dual-ISP case it has a client for both OUTSIDE and YOTA.
dhcpd enable INSIDE <-- this makes the ASA a DHCP server for INSIDE clients.
dhcpd auto-config copies any parameter it gets from the server "when the ASA is a DHCP client" to when the ASA is a DHCP server.
ip address dhcp setroute <-- this command configures a default route toward the GW you get from the DHCP server "when the ASA is a DHCP server".
10-30-2020 03:52 PM - edited 10-30-2020 03:53 PM
Hello
Looks like you have it correct-
Example:
sla monitor 1
 type echo protocol ipIcmpEcho 8.8.4.4 interface OUTSIDE
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
int gig1/1
 ip address dhcp setroute
 dhcp client route track 1
interface gig1/2
 ip address dhcp setroute
 dhcp client route distance 254
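
A consistency check for the chain discussed in this thread (tracked DHCP route on the primary, track object, scheduled SLA monitor, higher-distance backup), added here as an example; it is not part of any post and not Cisco tooling. The names check_failover and SAMPLE and the finding texts are assumptions made for the illustration, and the parser expects sub-commands indented as in show running-config.

```python
import re
# Constructed sample: interface/SLA lines in the shape of the thread's config.
SAMPLE = """\
interface GigabitEthernet1/1
 nameif OUTSIDE
 dhcp client route track 10
 ip address dhcp setroute
interface GigabitEthernet1/2
 nameif YOTA
 dhcp client route distance 254
 ip address dhcp setroute
sla monitor 100
 type echo protocol ipIcmpEcho 8.8.4.4 interface OUTSIDE
sla monitor schedule 100 life forever start-time now
track 10 rtr 100 reachability
"""

def check_failover(config):
    """Return findings; assumes sub-mode lines are indented as in 'show running-config'."""
    sla, scheduled, tracks, ifaces, cur = {}, set(), {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        cur = cur if raw.startswith(" ") else {}   # top-level line leaves the sub-mode
        if re.match(r"interface \S+$", line):
            ifaces.append(cur := {})
        elif m := re.match(r"sla monitor (\d+)$", line):
            cur = sla.setdefault(m[1], {})
        elif m := re.match(r"sla monitor schedule (\d+) ", line):
            scheduled.add(m[1])
        elif m := re.match(r"track (\d+) rtr (\d+) reachability", line):
            tracks[m[1]] = m[2]
        elif m := re.match(r"(nameif|dhcp client route (?:track|distance)|ip address dhcp) (\S+)$", line):
            cur[m[1].split()[-1]] = m[2]           # keys: nameif, track, distance, dhcp
        elif m := re.match(r"type echo .* interface (\S+)$", line):
            cur["probe_if"] = m[1]
    primaries = [i for i in ifaces if "track" in i]
    out = [] if primaries else ["no interface uses 'dhcp client route track'"]
    for i in primaries:
        name, mon = i.get("nameif"), tracks.get(i["track"])
        if mon not in sla or mon not in scheduled:
            out.append(f"{name}: track {i['track']} lacks a defined, scheduled sla monitor")
        elif sla[mon].get("probe_if") != name:
            out.append(f"{name}: sla monitor {mon} does not probe through {name}")
        if i.get("dhcp") != "setroute":
            out.append(f"{name}: no 'ip address dhcp setroute', so no tracked default route")
    backups = [i for i in ifaces if "track" not in i and i.get("dhcp") == "setroute"]
    if not any(int(i.get("distance", 1)) > 1 for i in backups):
        out.append("no backup interface with setroute and a distance above 1")
    return out
```

An empty list means the references line up; it says nothing about whether the probe target is actually reachable through the primary ISP.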
10-31-2020 07:17 AM
Hi Friend,
I think I get what you want to achieve here.
The issue arises from your having dual ISPs, each with its own DNS server, while dhcpd auto-config can apply to only one OUTSIDE ("one ISP"). So my suggestion is to configure the DHCP primary and secondary for your clients instead of using auto-config, where auto-config is filled when the one ISP link drops.
09-29-2021 12:32 AM
Yeah, the customer has bought a static IP from the ISP.
Now SLA works like a charm)
Thank you, team, for the helpful advice.