06-28-2017 09:43 AM - edited 03-08-2019 11:08 AM
What I am looking to try and set up is to have the ASA route traffic out of ISPA whenever the connection is live and fail over to ISPB, plugged into a different port, when it detects that there is no internet access available on the port ISPA is plugged into. There are no static IPs to worry about, as both interfaces use DHCP to get their external IPs. What settings would I have to change on the ASA to set this up?
06-29-2017 02:14 AM
Hi,
Static IPs are easy to configure in this scenario. Check the link below for basic concepts and, as your public IPs are DHCP-assigned, follow the additional configuration...
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
--------------------------------------------
hostname(config)# sla monitor 123
hostname(config-sla-monitor)# type echo protocol ipIcmpEcho 10.1.1.1 interface outside
hostname(config-sla-monitor-echo)# timeout 1000
hostname(config-sla-monitor-echo)# frequency 3
hostname(config)# sla monitor schedule 123 life forever start-time now
hostname(config)# track 1 rtr 123 reachability
hostname(config)# interface GigabitEthernet0/2
hostname(config-if)# dhcp client route track 1
hostname(config-if)# ip address dhcp setroute
hostname(config)# interface GigabitEthernet0/3
hostname(config-if)# dhcp client route distance 254
hostname(config-if)# ip address dhcp setroute
***Make sure that you always enter the dhcp client route track command first, followed by the ip address dhcp setroute command. If you have already entered the ip address dhcp setroute command, then remove it and re-enter it in the order previously described. Only routes learned after the command was entered are associated with the specified tracking object.***
hth
MS
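The ordering rule in the note above can be checked before a change script is entered on the ASA. This Python check is an added example, not part of the original answer or any Cisco tooling; the function name `check_failover_script`, the wording of the findings and the abbreviated sample script are assumptions constructed from the commands in the answer.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # drops "hostname(config-if)# "
TRACK, SETROUTE = "dhcp client route track ", "ip address dhcp setroute"
# Constructed sample: the answer's commands (abbreviated), in the answer's order.
GOOD = """\
sla monitor 123
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
interface GigabitEthernet0/2
 dhcp client route track 1
 ip address dhcp setroute
interface GigabitEthernet0/3
 dhcp client route distance 254
 ip address dhcp setroute
"""
# Constructed failure case: same commands with track and setroute swapped.
SWAPPED = GOOD.replace(f" {TRACK}1\n {SETROUTE}", f" {SETROUTE}\n {TRACK}1")

def check_failover_script(text):
    """Return findings for an ASA dual-ISP DHCP change script (entry order matters)."""
    monitors, scheduled, tracks, ifaces, current = set(), set(), {}, {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"sla monitor schedule (\d+) .*", line):
            scheduled.add(m.group(1))
        elif m := re.fullmatch(r"sla monitor (\d+)", line):
            monitors.add(m.group(1))
        elif m := re.fullmatch(r"track (\d+) rtr (\d+) reachability", line):
            tracks[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
            ifaces.setdefault(current, [])
        elif current and line.startswith(("dhcp client route ", "ip address dhcp")):
            ifaces[current].append(line)
    findings = []
    for name, cmds in ifaces.items():
        if SETROUTE not in cmds:
            continue  # interface does not install a DHCP default route
        tracked = [(i, c.split()[-1]) for i, c in enumerate(cmds) if c.startswith(TRACK)]
        if not tracked and not any(c.startswith("dhcp client route distance ") for c in cmds):
            findings.append(f"{name}: untracked DHCP default route has no explicit distance")
        for pos, tid in tracked:
            sla = tracks.get(tid)
            if pos > cmds.index(SETROUTE):
                findings.append(f"{name}: route track entered after setroute")
            if sla is None or sla not in monitors or sla not in scheduled:
                findings.append(f"{name}: track {tid} has no scheduled sla monitor")
    return findings
```

The order check is meaningful for a change script that will be entered line by line, which is the situation the note describes; lines copied with their `hostname(config)#` prompts are accepted as well.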