Floating static route on ASA

songwh911 · ‎10-23-2017

I have 2 floors and 3 ISPs in my company network, and I would like to implement ISP failover with static route. (diagram attached)

For Floor 2, ISP failover is set up with IP SLA tracking.

What I want to achieve is that, for Floor1, if ISP1 fails, I want to redirect everything to the other firewall (192.168.100.2) and go through ISP2, then ISP3.

I tried to do it by pointing to destination address to 192.168.100.2 with higher metric (205) with tracking, failover didn't work. (route p2p 0.0.0.0 0.0.0.0 192.168.100.2 205 track 10)

for ASSA5516 on the left, I have a static routes set up like this.

route p2p 0.0.0.0 0.0.0.0 192.168.100.2 205 track 10
route outside 0.0.0.0 0.0.0.0 1.1.1.2 95
route p2p 10.6.50.0 255.255.255.0 192.168.100.2 200
route p2p 10.6.51.0 255.255.255.0 192.168.100.2 200
route p2p 10.6.225.0 255.255.255.0 192.168.100.2 200

NAT rules is setup on the FTD on the right.

Can I get some help with this? Thanks in advance!

lresp · ‎10-24-2017

please include your track configuration, also, are you advertising the valid default route from the device to the other with a routing protocol?

songwh911 · ‎10-26-2017

sla monitor 10
type echo protocol ipIcmpEcho 1.1.1.2 interface outside
num-packets 3
sla monitor schedule 10 life forever start-time now

I only have static routes in my environment, so no advertising default route, unless I'm missing some knowledge about route advertising..