
Configuring dual-ISP Failover on an ASA 5505

bdonaldkimball
Level 1

What I am looking to try and set up is to have the ASA route traffic out of ISPA whenever the connection is live and fail over to ISPB, plugged into a different port, when it detects that there is no internet access available on the port ISPA is plugged into. There are no static IPs to worry about, as both interfaces use DHCP to get their external IPs. What settings would I have to change on the ASA to set this up?

1 Accepted Solution

Accepted Solutions

mvsheik123
Level 7

Hi,

Static IPs are easy to configure in this scenario. Check the link below for basic concepts and, as your public IPs are DHCP assigned, follow the additional configuration...

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

--------------------------------------------

hostname(config)# sla monitor 123
hostname(config-sla-monitor)# type echo protocol ipIcmpEcho 10.1.1.1 interface outside
hostname(config-sla-monitor-echo)# timeout 1000
hostname(config-sla-monitor-echo)# frequency 3
hostname(config)# sla monitor schedule 123 life forever start-time now
hostname(config)# track 1 rtr 123 reachability
hostname(config)# interface GigabitEthernet0/2
hostname(config-if)# dhcp client route track 1
hostname(config-if)# ip address dhcp setroute
hostname(config)# interface GigabitEthernet0/3
hostname(config-if)# dhcp client route distance 254
hostname(config-if)# ip address dhcp setroute

***Make sure that you always enter the dhcp client route track command first, followed by the ip address dhcp setroute command. If you have already entered the ip address dhcp setroute command, then remove it and re-enter it in the order previously described. Only routes learned after the command was entered are associated with the specified tracking object.***

hth

MS
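
The ordering rule in the answer above is easy to get wrong in a pasted change script, so here is an added example (not part of the original post, and not Cisco code) that lints such a script before it is applied. The function name `lint_failover` and the sample script are constructed for illustration, and the check assumes a DHCP-learned default route has administrative distance 1 unless `dhcp client route distance` sets another value.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "hostname(config-if)# "

def lint_failover(script):
    """Return findings for a dual-ISP DHCP failover change script (ASA CLI)."""
    monitors, scheduled, tracks, ifaces = set(), set(), {}, {}
    cur, findings = None, []
    for raw in script.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if w[:3] == ["sla", "monitor", "schedule"] and len(w) > 3:
            scheduled.add(w[3])
        elif w[:2] == ["sla", "monitor"] and len(w) > 2:
            monitors.add(w[2])
        elif w[:1] == ["track"] and len(w) > 3 and w[2] == "rtr":
            tracks[w[1]] = w[3]  # track object id -> SLA monitor id
        elif w[:1] == ["interface"] and len(w) > 1:
            cur = ifaces.setdefault(w[1], dict(name=w[1], track=None, distance=1, route=None))
        elif cur and w[:4] == ["dhcp", "client", "route", "track"] and len(w) > 4:
            cur["track"] = w[4]
        elif cur and w[:4] == ["dhcp", "client", "route", "distance"] and len(w) > 4:
            cur["distance"] = int(w[4])
        elif cur and w == ["ip", "address", "dhcp", "setroute"]:
            cur["route"] = "tracked" if cur["track"] else "untracked"
        elif cur and w[:4] == ["no", "ip", "address", "dhcp"]:
            cur["route"] = None  # removed, so it can be re-entered in order
    primaries = [i for i in ifaces.values() if i["track"]]
    for i in primaries:
        mon = tracks.get(i["track"])
        if mon not in monitors or mon not in scheduled:
            findings.append(f"{i['name']}: track {i['track']} lacks a scheduled sla monitor")
        if i["route"] == "untracked":  # the ordering mistake the answer warns about
            findings.append(f"{i['name']}: setroute was entered before route track")
    floor = max((i["distance"] for i in primaries), default=1)
    for i in ifaces.values():
        if i["route"] and not i["track"] and i["distance"] <= floor:
            findings.append(f"{i['name']}: backup distance {i['distance']} is not above {floor}")
    return findings

# Constructed sample: setroute precedes track; backup keeps the assumed default distance.
BAD = """hostname(config)# sla monitor 123
hostname(config)# sla monitor schedule 123 life forever start-time now
hostname(config)# track 1 rtr 123 reachability
hostname(config)# interface GigabitEthernet0/2
hostname(config-if)# ip address dhcp setroute
hostname(config-if)# dhcp client route track 1
hostname(config)# interface GigabitEthernet0/3
hostname(config-if)# ip address dhcp setroute"""
print("\n".join(lint_failover(BAD)))
```

An empty result means the script follows the order the answer describes; removing and re-entering `ip address dhcp setroute` after the track command clears the ordering finding.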
