We will proceed assuming
you already configured the ASA with the primary link
Configured the WAN2 on a port with the static IP or DHCP depending on the connection - you should be able to ping the secondary WAN link gateway from the ASA
Note:
Please remove the existing Static Route for the primary WAN link
Configure Route tracking
ASA(config)# route outside 0.0.0.0 0.0.0.0 <ISP 1(WAN1) Gateway> 1 track 1 ASA(config)# route Backup_Wan 0.0.0.0 0.0.0.0 <ISP 2 (WAN2) Gateway> 254
Now lets break it down
Line 01 - you add the WAN1 route with a administrative distance of 1 and we also include the track 1 statement for the SLA monitor tracking (See below)
Line 02 - with the second line we add the default route for the BackupWan link with a higher administrative distance to make it the secondary link
Examples
ASA(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.10 1 track 1 ASA(config)# route Backup_Wan 0.0.0.0 0.0.0.0 200.200.200.10 254
Setup SLA monitoring and Route tracking
ASA(config)# sla monitor 10
Configure the SLA monitor with ID 10
ASA(config-sla-monitor)# type echo protocol ipIcmpEcho 8.8.8.8 interface outside
Configure the monitoring protocol, the target IP for the probe and the interface use
SLA monitor will keep probing the IP we define here and report if its unreachable via the given interface
In this senario im using 8.8.8.8 as the target IP you can use any public IP for monitoring
ASA(config-sla-monitor-echo)# num-packets 4
Number of packets sent to the probe
ASA(config-sla-monitor-echo)# timeout 1000
Timeout value in milliseconds. if you have a slow link as the primary increase the time out accordingly
ASA(config-sla-monitor-echo)# frequency 10
Frequency of the probe in seconds - SLA monitor will probe the IP every 10 seconds
ASA(config)# sla monitor schedule 10 life forever start-time now
Set the ASA to start the SLA monitor now and keep it running for ever
ASA(config)# track 1 rtr 10 reachability
This command will tell the ASA to keep tracking the SLA monitor with the ID:10 and the Default route defined with "Track 1"
if the probe fails to reach the target IP (in this case 8.8.8.8) via the designated interface it will remove the route defined with "Track 1" from the routing table
The next best possible route in this scenario the backup ISP route with administrative distance of 254 takes its place
Configure dynamic NAT Rules (Important)
nat (inside,<ISP 1(WAN1) Interface Name) source dynamic any interface nat (inside,<ISP 2(WAN2) Interface Name>) source dynamic any interface
Configure the two NAT statements required so that either interface can provide NATting,
Examples
Examples
nat (inside,outside) source dynamic any interface nat (inside,Backup_Wan) source dynamic any interface
This method worked well for me personally and keep in mind i'm no Cisco Guru so if i made a mistake or if you feel like there is a better way to do this please leave comment. its all about the community after all
Until next time stay awesome internetz
Nice blog! Actually, I am getting more information to read your great post. Thank you.
ReplyDeletePega Training in Chennai
Pega Course in Chennai
Excel Training in Chennai
Corporate Training in Chennai
Embedded System Course Chennai
Linux Training in Chennai
Tableau Training in Chennai
Oracle Training in Chennai
Oracle DBA Training in Chennai
Wonderful article, thanks for putting this together! This is obviously one great post. Thanks for the valuable information and insights you have so provided here. Plus d'information
ReplyDeleteI want you to thank for your time of this wonderful read!!! I definately enjoy every little bit of it and I have you bookmarked to check out new stuff of your blog a must read blog! Klik hier
ReplyDeleteGreat article with excellent idea!Thank you for such a valuable article. I really appreciate for this great information.. deze website
ReplyDeleteI have used a lot of juicers in the past and I created this blog to help juice lovers make the right decision in choosing the type of juicer that best fit their needs. There are several good masticating juicers to choose from. privacyinthenetwork
ReplyDeleteI want to say thanks for beautiful blog sharing with us. Your blog really great resource to update my knowledge. privacyonline
ReplyDeleteI am impressed. I don't think Ive met anyone who knows as much about this subject as you do. You are truly well informed and very intelligent. You wrote something that people could understand and made the subject intriguing for everyone. Really, great blog you have got here. 192 168 0 1
ReplyDeletePleasant Informative Blog having decent sharing.. what is my ip location
ReplyDeleteI really enjoyed to read this blog. Thanks for sharing the useful information.
ReplyDeleteDevOps Training in Chennai
DevOps Training in Bangalore
DevOps Training in Coimbatore
Best DevOps Training in Marathahalli
DevOps Training Institutes in Marathahalli
DevOps Institute in Marathahalli
DevOps Course in Marathahalli
DevOps Training in btm
DOT NET Training in Bangalore
PHP Training in Bangalore
Expected and valid points are included in your blog.. I really liked and I got some ideas about this technology...
ReplyDeleteXamarin Training in Chennai
Xamarin Course
Data Analytics Courses in Chennai
IELTS Coaching centre in Chennai
Japanese Language Classes in Chennai
Best Spoken English Classes in Chennai
content writing course in chennai
spanish language course in chennai
Xamarin Training in Tambaram
Xamarin Training in Anna Nagar
seaport hack Excellent trick this great friend, this was what I was looking for a long time and finally something that works. I recommend them all if it is real is not a lie. Thanks friend. Keep it up
ReplyDeleteReally very informative and inoperative blog, Thanks for the post and effort! keep sharing more blogs.
ReplyDeletenew trends in digital marketing
big data analytics
latest technology trends
graphic design for beginners
rpa interview questions for freshers
Thanks for the efforts in writing the wonderful article.
ReplyDeletephp interview questions and answers
salesforce interview questions
Mua vé máy bay tại Aivivu, tham khảo
ReplyDeletevé máy bay đi Mỹ hạng thương gia
giá vé máy bay hà nội sài gòn
vé máy bay chu lai hà nội
vé máy bay đi nha trang giá rẻ
vé máy bay từ hà nội đi quy nhơn
taxi sân bay nội bài 180k
combo novotel phú quốc 4 ngày 3 đêm
Thanks for sharing this blog. It was so informative.
ReplyDeleteWhich profession is best
Choosing your career
Awesome blog. Thanks for sharing such a worthy information....
ReplyDeleteDigital Marketing Course in Hyderabad
Digital Marketing Course in Gurgaon
Thanks for sharing this blog. It was so informative.
ReplyDeleteBest selenium Training Institute in Chennai
Best training institute for selenium in chennai
Thanks for sharing this blog. It was so informative.
ReplyDeleteGerman Classes in Chennai
German Language Classes in Chennai
Nice blog! Thanks for sharing this valuable information
ReplyDeleteGreatest Challenges of Cyber Security
Cyber Security Challenges