cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1472
Views
0
Helpful
10
Replies

Redistribute satic routes from Router to ASA

Marcus Peck
Level 1
Level 1

Hello,

my network topology is such that I have an internet facing routers (2 HSRP routers) and behind the router is an ASA towards my internal network. However, each router is connected to a different ISP for redundancy purpose and my firewall has a static route that points all to the primary ISP, call it ISP A.

My query is that if the link to ISP A (not the router A) that goes down but router A is still up, how is it possible to redistribute my static routes to the ASA so that once the link on router A goes down, my ASA is updated by the router A that the link is down and will route to the ISP B?

10 Replies 10

nagasheshu2010
Level 1
Level 1

Hi Marcus,

You are saying, the two routers are in HSRP. Instead of writing static route pointing to primary IP address in firewall , point it towards HSRP virtual IP address.

Then, in primary router you can write a track which tracks WAN connection and call under HSRP. Whenever, your wan goes track goes down, when track goes down, HSRP fails over to secondary router.

Then, by itself traffic is routed to secondary. No need to do anything in firewall.

Hope this helps.

Thanks,

Nagasheshu.

Hi, thanks for replying. However I will update you that there are 2 other external links (MPLS) per router and they are all in redundant links. The objective is to failover the failed link instead of the entire router. Is this still possible?

You Mean, There are separate links (MPLS and internet) on each router?

Hi, yes. Router 1 holds all the primary links and the Router 2 holds all the redundant links.

Are you running any protocol between firewall and these routers or just default route?

No default routes but any devices going to these external systems have a static route. The MPLS circuits are using HSRP on their end so no issue with that, it's only the internet which has 2 separate IP which are different networks which are connected to each router.

ok you can one thing in this case.

Under same router LAN interface (where you are running HSRP for MPLS), you can write another HSRP with different group number. Then write new Track to track internet WAN connection and call this track in new HSRP group.

Then, write a static route in firewall pointing towards virtual IP of new HSRP group.

You said, there is no routing between firewall and routers, Does your MPLS traffic from LAN traverse firewall at all? If so, do you have specific routes for MPLS? or Is there different path for MPLS (not via firewall)?

Regards,

Sheshu.

Hi yes, all MPLS and internet traffic traverse through the firewall.

Do you have a sample config of the tracking part?

ah, Grrrrrrrr.

What routes do you have for MPLS in firewall? I mean, what routing do you have for MPLS in firewall? Same static route?

Hi, ok to make things simple, all routes are individual static routes, regardless of its MPLS or Internet. All routes are different and there's no default route.

Example, hosts going to internet will have its own static route. Hosts going to MPLS will have another separate static route. But redundancy for MPLS is not the issue.

The HSRP on our router end is via a switch module with an internal IP facing the firewall outside IP. The other interfaces on the Router are layer 3 interfaces and have different IP addresses each connected to its own network.

Do let me.know if you need further information.

Review Cisco Networking for a $25 gift card