Just upgraded our Cisco Firepower 1010 Threat Defense software to 6.6.1-91 and found that SLA monitor for default route does not work as previously on ASA 5506.
Config is very simple :
route-1 outside IPv4 0.0.0.0/0 220.127.116.11 metric 1
route-2 reserve IPv4 0.0.0.0/0 18.104.22.168 metric 2 - this route has the following SAL monitor:
Monitor Address 22.214.171.124 (tested with many other highly available internet addresses)
Target Interface reserve
Type of Service Not set
Number of Packets 10
Data Size 124
The problem: every period of time equals to Frequency in the SLA monitor it activates reserve route and after another short period of time it fails back to the primary route. I tried many other settings for the SAL but the behavior is the same - monitored route constantly flipping. I used such a configuration many times before on different Cisco ASA models and it worked perfectly.
Would be very appreciated for any help.
Thank you in advance!