Skip to main content

Static Route Monitoring


Initially there was no mechanism for determining whether a route is up or down on the Cisco ASA security appliance. And routes will stay in routing table even if the link is down. But with Cisco ASA software version 7.2(1) track availability and installing backup routes was added.

In above diagram, two different ISPs, ISP_A and ISP_B respectively are used for failover purposes. And Cisco ASA is configured in such a way that if ISA_A fails ASA will immediately divert all traffic to ISP_B.
Basically, we configure SLA to keep tracking one particular IP in our case 150.1.2.2 in ISP_A and if SLA tracking couldn’t reach this at any point of time it start diverting all traffic to ISP_B.

!
!
hostname ASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 136.1.0.12 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 136.1.121.12 255.255.255.0
!
!
!  Last step is to add route first with track optoin
!
route outside 0.0.0.0 0.0.0.0 136.1.0.2 1 track 1
route outside 0.0.0.0 0.0.0.0 136.1.0.3 100
!
!  SLA is first to configure
!
!
sla monitor 1
 type echo protocol ipIcmpEcho 150.1.2.2 interface outside
 timeout 1000
 frequency 1
sla monitor schedule 1 life forever start-time now
no crypto isakmp nat-traversal
!
!  Second is track where 1 is identfier and second 1 is assocaiting SLA
!
track 1 rtr 1 reachability
!
!

Labels:

Comments

  1. Diego CambroneroJanuary 1, 2012 at 8:10 AM

    no crypto isakmp nat-traversal?????

    that is not required is it?

    ReplyDelete
  2. SajuJanuary 1, 2012 at 12:19 PM

    no crypto isakmp nat-traversal

    Above command is not relevant to the topic. Yes you can ignore this command.

    ReplyDelete

Post a Comment

Popular posts from this blog

Image Recovery Using ROMMON mode

If incase ASA system image is lost or got corrupted we can recover it by booting ASA in ROMMON mode and executing following commands please refer above mentioned diagram. Step 1: Make sure you have assigned the right IP address to the PC which has ASA system image and tftp installed. Step 2: Set the following parameters rommon #0> address 10.1.1.254 rommon #1 > server 10.1.1.1 rommon #2> interface GigabitEthernet0/0 GigabitEthernet0/1 MAC Address: 000f. f775.4b54 rommon #3> file asa801 -k8. bin Step 3: Verify your configured parameters in ROMON mode rommon #4> set ROMMON Variable Settings: ADDRESS=10.1.1.254 SERVER=10.1.1.1 PORT=GigabitEthernet0/0 VLAN=untagged IMAGE=asa801-k8. bin CONFIG= rommon #12> set ROMMON Variable Settings: ADDRESS=10.1.1.50 SERVER=10.1.1.1 ------- output omitted for brevity ----- rommon #13> unset ADDRESS ROMMON Variable Settings: ADDRESS=0.0.0.0 SERVER=10.1.1.1 GATEWAY=0.0.0.0 ------- output omitted f...
3 comments
Read more

ASA TFTP Backup

If you have no backup solution, you can still take backup on your machine by executing single command. But before, there some prerequisite which has be fulfill. 1. TFTP software 2. Configuring ASA For first requirement you can use any freely available. Second you have to make sure, PC on which you are installing tftp you can ping from ASA simply you have connectivity. Than simple execute following command in config mode of ASA: tftp-server peceuplink <tftp-server-ip> /<filename> ASA1(config)#tftp-server inside_.1.1 lan 192.168/ASA001.cfg In above example inside_lan is nameif on inside interface, 192.168.1.1 is tftp server ip and /ASA001.cfg is the file name. Now in order to send copy of running file to tftp server you have excute write net . Make sure on your PC the folder has proper privileges.
Post a Comment
Read more