Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3834
Views
0
Helpful
7
Replies

Need assistance in backup route configuration

Go to solution
jpeterson6
Level 2
Level 2

‎07-14-2011 02:34 PM - edited ‎03-04-2019 12:59 PM

Hello,

The topology I'm currently working on has an ASA at the edge (plugged directly into the ISP equipment) with a 3750X stack behind it. The 3750X has an NLAN interface for internal routing between multiple sites.

The 3750X has a default static route pointing to the ASA device and also has EIGRP running (receives routes through the NLAN).

The ASA also has EIGRP but the outside interface is set to passive, so all internal routes are learned from the 3750X's NLAN interface. The ASA has a static default route pointing to the ISP.

Basic requirements are that all internal traffic goes through the NLAN while all internet traffic goes through the ISP.

I need the 3750X to start routing packets through the NLAN as a secondary default route (to use the other sites internet feeds) in case the ASA ISP connection goes down, but since they are on two different boxes I am unsure of the best way to do this. I want the default route to point back to the ASA once the local internet link is back up, so I don't think I can use two static default routes with different route costs.

Can someone lend me their assistance in getting this working properly?

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎07-14-2011 02:49 PM

Hi,

  Well,I think you want to re-route internet traffic to another box when ASA can't reach the internet. You can be done with IP SLA on the C3750X. It should be something like this. I'd track DNS server 8.8.8.8. Assuming that if I can't reach that DNS,I would re-route. You may track other IP address if you want to.

C3750X

!

ip sla monitor 1

 type echo protocol ipIcmpEcho 8.8.8.8

 timeout 1000

 frequency 3

 threshold 2

!

ip sla monitor schedule 1 life forever start-time now

!

track 1rtr 1 reachability

!

ip route 8.8.8.8 255.255.255.255 
ip route 0.0.0.0 0.0.0.0 <ASA IP address> track 1


ip route 0.0.0.0 0.0.0.0 <NLAN BOX IP address> 100
!

  Let's check this link: http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

HTH,
Toshi

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎07-14-2011 02:49 PM

Hi,

  Well,I think you want to re-route internet traffic to another box when ASA can't reach the internet. You can be done with IP SLA on the C3750X. It should be something like this. I'd track DNS server 8.8.8.8. Assuming that if I can't reach that DNS,I would re-route. You may track other IP address if you want to.

C3750X

!

ip sla monitor 1

 type echo protocol ipIcmpEcho 8.8.8.8

 timeout 1000

 frequency 3

 threshold 2

!

ip sla monitor schedule 1 life forever start-time now

!

track 1rtr 1 reachability

!

ip route 8.8.8.8 255.255.255.255 
ip route 0.0.0.0 0.0.0.0 <ASA IP address> track 1


ip route 0.0.0.0 0.0.0.0 <NLAN BOX IP address> 100
!

  Let's check this link: http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

HTH,
Toshi
0 Helpful

Go to solution
jpeterson6
Level 2
Level 2
In response to Thotsaphon Lueangwattanaphong

‎07-14-2011 03:48 PM

That makes sense. Would the default route point back to the ASA once the main internet link (and thus the route to 8.8.8.8) is re-established using that ip sla setup? The key is that I don't want to have to clear the secondary ip route statement from the config just so the proper route is used again.

marwanshawi, I'm not really sure what you mean, but I can 'draw' the diagram if it helps.

                    EIGRP->

(Internet) ---- (ASA) ---- (Switch)

                                           |

                                   NLAN (EIGRP)

If I perform a 'show route' on the ASA it will display all the internal routes as EIGRP with the NLAN interface on the 3750X switch as the next hop.

0 Helpful

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to jpeterson6

‎07-15-2011 05:49 AM

Hi,

Q: Would the default route point back to the ASA once the main internet  link (and thus the route to 8.8.8.8) is re-established using that ip sla  setup?

A: Yes it has to be. You may adjust timing parameters on IP SLA you want.

   I think you're runing Eigrp to let ASA know where to route internal networks. We was trying to handle a backup default route. I think IP SLA could help you.

HTH,

Toshi

0 Helpful

Go to solution
jpeterson6
Level 2
Level 2
In response to Thotsaphon Lueangwattanaphong

‎07-15-2011 08:24 AM

Hi,

I read through the document. The configuration suggest something similar but slightly different (highlighted in bold)

The example in the document is as follows:

interface FastEthernet 0/0
 description primary-link
 ip address 10.1.1.1 255.0.0.0


interface Dialer 0
 description backup-link
 ip address 10.2.2.2 255.0.0.0


ip sla monitor 1
 type echo protocol ipIcmpEcho 172.16.23.7
 timeout 1000
 frequency 3
 threshold 2
ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability

access list 101 permit icmp any host 172.16.23.7 echo
route map MY-LOCAL-POLICY permit 10
 match ip address 101
 set interface dialer 0 null 0
!
ip local policy route-map MY-LOCAL-POLICY

ip route 0.0.0.0 0.0.0.0 10.1.1.242 track 123
ip route 0.0.0.0 0.0.0.0 10.2.2.125 254

What exactly does the route map portion do? There is also no default route in the document pointing to the IP SLA destination as your config suggested. Is that really needed?

0 Helpful

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to jpeterson6

‎07-15-2011 09:25 AM

Hi,

   Configurations I provided is okay and it can be used as an example. What you want to do is a floating route for a default route and you want to track how to reach the internet not just a next-hop(IP SLA can do this). You just read how IP SLA works:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swipsla.html#wp1094080.

   And then test and let us know how things work out.

HTH,

Toshi

0 Helpful

Go to solution
jpeterson6
Level 2
Level 2
In response to Thotsaphon Lueangwattanaphong

‎07-15-2011 06:55 PM

Thanks a lot for the help. It works just great.

I ended up using the ISP's gateway instead of 8.8.8.8 as I happen to use that IP for connectivity tests all the time (took me a few to realise why my pings weren't working when they should have been)

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎07-14-2011 02:59 PM

Can you put a simple diagram of how the switch and the Asa cinched interim of EIGRP

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card