cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1038
Views
5
Helpful
5
Replies

Connectivity problem ASA 5506-x and SVI (2960-x) after configuring LTE Backup with SLA Monitor

1pdemharter
Level 1
Level 1

Hi,

 

I have a strange problem. My 5506-x is connected to Internet via outside interface and connected to a 2960-X switch. On the switch I configured 3 Vlans (SVIs). One (vlan 1) connects the asa inside-int and vlan 10 and 20 is used for end-systems. All works fine each can each other.

 

Internet ----- outside int  ASA  -inside --- vlan 1 --------- SVI 2960-x  ---- vlan 10  ----- host

                   backup-int----|                                                         |-------vlan 20 ----- host

                                           |

  LTE-Router-------------|

 

No I add a mobile back via LTE Router via SLA monitoring.

Strange thing now, after disconnecting the Internet Router Interface, ASA inserted the backup as configured. I can ping the Internet from the ASA from the switch (can switch back and for both connection, all is fine), but as long as the LTE backup is up my host systems on vlan 10 and 20 cannot ping the Internet (from the hosts I can reach the inside int of the asa, but the it ends.

Any ideas what happens. I enclosed my configs as attachments.

Many thx in advance

 

Peter

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

 

Your backup router does not have routes for the the vlan 10 and 20 IP subnets so it does not know how to send the return traffic. 

 

Jon

View solution in original post

5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

 

Your backup router does not have routes for the the vlan 10 and 20 IP subnets so it does not know how to send the return traffic. 

 

Jon

Hi,

thx for that hint, LTE is branded with now access to expert mode. Think I will change the box.

 

Peter

 

The other option would be to NAT the inside subnets to the interface IP on the ASA that connects to the router so it would then know how to return the traffic. 

 

Just another option. 

 

Jon

Hi,
you are right, but I prefer the first solution :-)

Peter

Hi Jon,

 

changed the box with and now it works fine. Thx

 

kind regards 

 

Peter

Review Cisco Networking for a $25 gift card