Here's the scenario: 1 router will have a primary and secondary ISP connection. I set up an SLA to track connectivity on the primary connection. Here are the static routes:
ip route 0.0.0.0 0.0.0.0 Tunnel55 track 10
ip route 12.54.X.X 255.255.255.240 GigabitEthernet0/0 track 10
ip route 12.54.X.Y 255.255.255.255 X.15.115.X track 10
ip route 192.168.32.0 255.255.240.0 Tunnel55 track 10
ip route 192.168.48.0 255.255.252.0 Tunnel55 track 10
ip route 192.168.56.0 255.255.255.0 Tunnel55 track 10
ip route 0.0.0.0 0.0.0.0 Tunnel56 254
ip route 12.54.X.X 255.255.255.240 GigabitEthernet0/1 254
ip route 12.54.X.Y 255.255.255.255 X.15.81.X 254
ip route 192.168.32.0 255.255.240.0 Tunnel56 254
ip route 192.168.48.0 255.255.252.0 Tunnel56 254
ip route 192.168.56.0 255.255.255.0 Tunnel56 254
So I shut down the port (gi0/0) belonging to the primary port. At this point, it seemed like it worked fine. The routes shifted over to the backup routes. However, when I re-enabled the port, only two of the routes switched back. The routes pointing to Tunnels stayed on the secondary tunnel. When I browsed my static routes, I saw this:
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Tunnel56
126.96.36.199/8 is variably subnetted, 2 subnets, 2 masks
S 12.x.x.16/28 is directly connected, GigabitEthernet0/0
S 12.x.y.20/32 [1/0] via x.15.115.x
S 192.168.32.0/20 is directly connected, Tunnel56
S 192.168.48.0/22 is directly connected, Tunnel56
S 192.168.56.0/24 is directly connected, Tunnel56
Is there something special I need to do for Tunnels to allow the Tunnel routes to switch back automatically?