Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
1
Replies

FirePower 1010 route SLA Monitor issue

nev1
Level 1
Level 1

‎04-07-2021 02:29 AM

Hello,

 

Just upgraded our Cisco Firepower 1010 Threat Defense software to 6.6.1-91 and found that SLA monitor for default route does not work as previously on ASA 5506.

Config is very simple :

route-1 outside IPv4 0.0.0.0/0 1.1.1.1 metric 1
route-2 reserve IPv4 0.0.0.0/0 2.2.2.2 metric 2 - this route has the following SAL monitor:

 

Monitor Address 8.8.8.8 (tested with many other highly available internet addresses)

Target Interface reserve
Threshold 5000
Timeout 5000
Frequency 20000
Type of Service Not set
Number of Packets 10
Data Size 124

 

The problem: every period of time equals to Frequency in the SLA monitor it activates reserve route and after another short period of time it fails back to the primary route. I tried many other settings for the SAL but the behavior is the same - monitored route constantly flipping. I used such a configuration many times before on different Cisco ASA models and it worked perfectly. 

 

Would be very appreciated for any help.

 

Thank you in advance!

 

Best regards,

Nikolay

 

Labels:
0 Helpful
1 Reply 1

Georg Pauwen
VIP
VIP

‎04-07-2021 02:47 AM

Hello Nikolay,

 

what is the output of:

 

show track

 

?

 

It is a bit hard to troubleshoot this, since it is all GUI based. Have a look at the link below and verify that you have configured the SLA monitor as described...

 

https://integratingit.wordpress.com/2020/08/14/ftd-dual-isp-failover/

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card