
Static Route Monitoring


Initially, the Cisco ASA security appliance had no mechanism for determining whether a route was up or down, so routes stayed in the routing table even when the link was down. Cisco ASA software version 7.2(1) added the ability to track a route's availability and install a backup route.

In the diagram above, two different ISPs, ISP_A and ISP_B, are used for failover. The Cisco ASA is configured so that if ISP_A fails, the ASA immediately diverts all traffic to ISP_B.
We configure an SLA monitor to keep tracking one particular IP in ISP_A, in our case 150.1.2.2. If SLA tracking cannot reach this IP at any point, the ASA starts diverting all traffic to ISP_B.

!
!
hostname ASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 136.1.0.12 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 136.1.121.12 255.255.255.0
!
!
!  Last step: add the primary route with the track option (the second route, distance 100, is the backup)
!
route outside 0.0.0.0 0.0.0.0 136.1.0.2 1 track 1
route outside 0.0.0.0 0.0.0.0 136.1.0.3 100
!
!  The SLA monitor is configured first
!
!
sla monitor 1
 type echo protocol ipIcmpEcho 150.1.2.2 interface outside
 timeout 1000
 frequency 1
sla monitor schedule 1 life forever start-time now
no crypto isakmp nat-traversal
!
!  Second is the track object: the first 1 is the track identifier, the second 1 is the associated SLA
!
track 1 rtr 1 reachability
!
!
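The tracked route only fails over if every link in the chain (route, track object, SLA monitor, schedule, backup route) is present. The following is an added example, not part of the original post: a small Python check over the tracking-related lines of the configuration above. The function name `audit` and its messages are hypothetical, and the sample input is constructed from the lines shown on this page.

```python
import re

# Constructed sample: the tracking-related lines of the configuration above.
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 136.1.0.2 1 track 1
route outside 0.0.0.0 0.0.0.0 136.1.0.3 100
sla monitor 1
 type echo protocol ipIcmpEcho 150.1.2.2 interface outside
 timeout 1000
 frequency 1
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
"""
ROUTE = re.compile(r"route (\S+) (\S+) (\S+) (\S+)(?: (\d+))?(?: track (\d+))?\s*$")

def audit(config):
    """Return a list of problems in the route -> track -> SLA chain (hypothetical helper)."""
    probes, scheduled, tracks, routes, current = {}, set(), {}, [], None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None                      # left any "sla monitor N" sub-mode
        if m := re.match(r"sla monitor (\d+)\s*$", line):
            current = m.group(1)
        elif m := re.match(r" type echo protocol ipIcmpEcho (\S+) interface (\S+)", line):
            if current:
                probes[current] = m.groups()    # (target IP, interface)
        elif m := re.match(r"sla monitor schedule (\d+) ", line):
            scheduled.add(m.group(1))
        elif m := re.match(r"track (\d+) rtr (\d+) reachability", line):
            tracks[m.group(1)] = m.group(2)     # track id -> SLA id
        elif m := ROUTE.match(line):
            ifc, net, mask, gw, dist, trk = m.groups()
            routes.append((net, mask, gw, int(dist or 1), trk))
    problems = []
    for net, mask, gw, dist, trk in routes:
        if trk is None:
            continue                            # untracked routes need no chain
        sla = tracks.get(trk)
        if sla is None:
            problems.append(f"route via {gw}: track {trk} is not defined")
        elif sla not in probes:
            problems.append(f"track {trk}: sla monitor {sla} is missing or has no echo probe")
        elif sla not in scheduled:
            problems.append(f"sla monitor {sla} is not scheduled, so its probe never runs")
        if not any(r[:2] == (net, mask) and r[3] > dist for r in routes):
            problems.append(f"route via {gw}: no backup route with a higher distance")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE) or "tracking chain is consistent")
```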

Comments

  1. no crypto isakmp nat-traversal?????

    that is not required is it?

  2. no crypto isakmp nat-traversal

    Above command is not relevant to the topic. Yes you can ignore this command.
