Hello All,
I'm kind of a newbie on ASA, so please be patient with me.
I have a couple of ASA 5505s (HQ & Branch) running version 8.2(4). They are configured with a Site-to-Site VPN over a single WAN link:
# sh crypto isa sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 192.168.0.6
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
I want to enable sla monitor on one of the devices in order to know the real status of my unique link because the interfaces sometimes don't go down, so I don't have any real statistics on failures.
I found several posts with step-by-step instructions to configure it:
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/813-cisco-router-ipsla-basic.html
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
http://www.cisco.com/en/US/technologies/tk648/tk362/tk920/technologies_white_paper0900aecd8017f8c9_ps6602_Products_White_Paper.html
http://www.networkstraining.com/cisco-asa-5500-dual-isp-connection/
After reading all the articles I have some questions that maybe someone can answer:
- All the information is related to dual ISP link failover. Is there any extra consideration for my single link scenario?
- I already have a static route, route outside 0.0.0.0 0.0.0.0 192.168.0.1 1, so I think I have to overwrite it with something like this: route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 track 1. Is this correct?
- If so, when I overwrite it, will the S2S VPN go down and will it go up automatically?
Thanks to all in advance.