DHCP Dual ISP on ASA 5506-X

sSiDs
Level 1

Hi team! The community forum deleted my previous post, considering it a "double post"... don't know why)

My goal is to achieve auto switch to backup ISP YOTA if primary OUTSIDE goes down...

1. There are no static routes, is that correct?

2. The ASA accepts only one string with dhcpd auto_config OUTSIDE

If I put the command dhcpd auto_config YOTA, it overwrites the previous OUTSIDE.

interface GigabitEthernet1/1
 nameif OUTSIDE
 security-level 0
 dhcp client route track 10
 ip address dhcp setroute 
!
interface GigabitEthernet1/2
 nameif YOTA
 security-level 0
 dhcp client route distance 254
 ip address dhcp setroute 
!
sla monitor 100
 type echo protocol ipIcmpEcho 8.8.4.4 interface OUTSIDE
 num-packets 5
 threshold 6000
 frequency 10
sla monitor schedule 100 life forever start-time now
!
track 10 rtr 100 reachability
!
dhcp-client client-id interface OUTSIDE
dhcp-client client-id interface YOTA
dhcpd auto_config OUTSIDE
!
dhcpd address 192.168.22.100-192.168.22.200 INSIDE
dhcpd dns 1.1.1.1 208.67.222.222 interface INSIDE
dhcpd enable INSIDE

Accepted Solution

sSiDs
Level 1

Yeah, the customer has bought a static IP from the ISP.

Now SLA works like a charm)

Thank you, team, for the helpful advice.

6 Replies

sSiDs
Level 1

off topic)

ssh version 2

Just reloaded the ASA and saw... why does it show that I'm using v1?

Reading from flash...
!!!...WARNING: This command will not take effect until interface 'OUTSIDE' has been assigned an IPv4 address

WARNING:
SSH version 1 is not secure.
It is recommended that only SSH version 2 be used.
SSH version 1 support will be removed in a future release.

*** Output from config line 202, "ssh 0.0.0.0 0.0.0.0 OUTS..."

WARNING:
SSH version 1 is not secure.
It is recommended that only SSH version 2 be used.
SSH version 1 support will be removed in a future release.

*** Output from config line 203, "ssh 0.0.0.0 0.0.0.0 INSI..."
WARNING: This command will not take effect until interface 'MGMT' has been assigned an IPv4 address

WARNING:
SSH version 1 is not secure.
It is recommended that only SSH version 2 be used.
SSH version 1 support will be removed in a future release.

*** Output from config line 204, "ssh 0.0.0.0 0.0.0.0 MGMT"
WARNING: This command will not take effect until interface 'MGMT' has been assigned an IP address
*** Output from config line 209, "management-access MGMT"

sSiDs
Level 1
ASA5506X# sh run | i ssh
aaa authentication ssh console LOCAL 
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh 0.0.0.0 0.0.0.0 INSIDE
ssh 0.0.0.0 0.0.0.0 MGMT
ssh timeout 40
ssh version 2
ssh key-exchange group dh-group14-sha1
ASA5506X# 

ip address dhcp <-- this means the ASA acts as a DHCP client, and in your case with dual ISP it has a client for both outside and Yota
dhcpd enable INSIDE <-- this makes the ASA a DHCP server for INSIDE clients

dhcpd auto-config copies any parameter received from the server "when the ASA is a DHCP client" to when the ASA is a DHCP server.

ip address dhcp setroute <-- this command configures a default route toward the GW you get from the DHCP server "when the ASA is a DHCP server".

Hello

Looks like you have it correct-

Example:

sla monitor 1
type echo protocol ipIcmpEcho 8.8.4.4 interface OUTSIDE
num-packets 3
frequency 10
sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability


int gig1/1
ip address dhcp setroute
dhcp client route track 1

interface gig1/2
ip address dhcp setroute
dhcp client route distance 254


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
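
An added example (not code from this thread or from Cisco): a Python check that the tracked-route wiring used in the configurations above is consistent, meaning the `dhcp client route track` id resolves to a `track` object, its `sla monitor` probes through the same interface and is scheduled, and the untracked backup has a higher distance. The function name `audit_failover` and the sample text are constructed for illustration.

```python
import re
# Constructed sample, modelled on the configuration posted in this thread.
SAMPLE = """\
interface GigabitEthernet1/1
 nameif OUTSIDE
 dhcp client route track 10
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 nameif YOTA
 dhcp client route distance 254
 ip address dhcp setroute
sla monitor 100
 type echo protocol ipIcmpEcho 8.8.4.4 interface OUTSIDE
sla monitor schedule 100 life forever start-time now
track 10 rtr 100 reachability
"""

def audit_failover(config):
    """Return findings about the tracked DHCP default-route wiring (hypothetical helper)."""
    tracks = dict(re.findall(r"^track (\d+) rtr (\d+) reachability", config, re.M))
    probes = dict(re.findall(
        r"^sla monitor (\d+)\n type echo protocol ipIcmpEcho \S+ interface (\S+)", config, re.M))
    scheduled = set(re.findall(r"^sla monitor schedule (\d+) ", config, re.M))
    routed = []  # (nameif, track id or None, administrative distance)
    for body in re.findall(r"^interface \S+\n((?: .*\n?)*)", config, re.M):
        name = re.search(r"^ nameif (\S+)", body, re.M)
        if not name or not re.search(r"^ ip address dhcp setroute", body, re.M):
            continue
        track = re.search(r"^ dhcp client route track (\d+)", body, re.M)
        dist = re.search(r"^ dhcp client route distance (\d+)", body, re.M)
        routed.append((name[1], track and track[1], int(dist[1]) if dist else 1))
    findings = []
    has_primary = any(t for _, t, _ in routed)
    for name, track, dist in routed:
        if track is None:
            # An untracked backup must lose to the tracked route; DHCP routes default to distance 1.
            if has_primary and dist <= 1:
                findings.append(f"{name}: backup route needs an administrative distance above 1")
        elif track not in tracks:
            findings.append(f"{name}: track {track} is not defined")
        elif probes.get(tracks[track]) != name:
            findings.append(f"{name}: sla monitor {tracks[track]} does not probe through {name}")
        elif tracks[track] not in scheduled:
            findings.append(f"{name}: sla monitor {tracks[track]} is never scheduled")
    return findings

if __name__ == "__main__":
    print(audit_failover(SAMPLE) or "failover wiring is consistent")
```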

Hi Friend,
I think I get what you want to achieve here.
The issue arises from you having dual ISPs, each with its own DNS server, and dhcpd auto-config can apply to only one OUTSIDE "one ISP", so my suggestion is to configure the DHCP primary and secondary for your clients instead of using auto-config, where auto-config is filled when the one ISP link drops.
