We will proceed assuming
you already configured the ASA with the primary link
Configured the WAN2 on a port with the static IP or DHCP depending on the connection - you should be able to ping the secondary WAN link gateway from the ASA
Note:
Please remove the existing Static Route for the primary WAN link
Configure Route tracking
ASA(config)# route outside 0.0.0.0 0.0.0.0 <ISP 1(WAN1) Gateway> 1 track 1 ASA(config)# route Backup_Wan 0.0.0.0 0.0.0.0 <ISP 2 (WAN2) Gateway> 254
Now lets break it down
Line 01 - you add the WAN1 route with a administrative distance of 1 and we also include the track 1 statement for the SLA monitor tracking (See below)
Line 02 - with the second line we add the default route for the BackupWan link with a higher administrative distance to make it the secondary link
Examples
ASA(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.10 1 track 1 ASA(config)# route Backup_Wan 0.0.0.0 0.0.0.0 200.200.200.10 254
Setup SLA monitoring and Route tracking
ASA(config)# sla monitor 10
Configure the SLA monitor with ID 10
ASA(config-sla-monitor)# type echo protocol ipIcmpEcho 8.8.8.8 interface outside
Configure the monitoring protocol, the target IP for the probe and the interface use
SLA monitor will keep probing the IP we define here and report if its unreachable via the given interface
In this senario im using 8.8.8.8 as the target IP you can use any public IP for monitoring
ASA(config-sla-monitor-echo)# num-packets 4
Number of packets sent to the probe
ASA(config-sla-monitor-echo)# timeout 1000
Timeout value in milliseconds. if you have a slow link as the primary increase the time out accordingly
ASA(config-sla-monitor-echo)# frequency 10
Frequency of the probe in seconds - SLA monitor will probe the IP every 10 seconds
ASA(config)# sla monitor schedule 10 life forever start-time now
Set the ASA to start the SLA monitor now and keep it running for ever
ASA(config)# track 1 rtr 10 reachability
This command will tell the ASA to keep tracking the SLA monitor with the ID:10 and the Default route defined with "Track 1"
if the probe fails to reach the target IP (in this case 8.8.8.8) via the designated interface it will remove the route defined with "Track 1" from the routing table
The next best possible route in this scenario the backup ISP route with administrative distance of 254 takes its place
Configure dynamic NAT Rules (Important)
nat (inside,<ISP 1(WAN1) Interface Name) source dynamic any interface nat (inside,<ISP 2(WAN2) Interface Name>) source dynamic any interface
Configure the two NAT statements required so that either interface can provide NATting,
Examples
Examples
nat (inside,outside) source dynamic any interface nat (inside,Backup_Wan) source dynamic any interface
This method worked well for me personally and keep in mind i'm no Cisco Guru so if i made a mistake or if you feel like there is a better way to do this please leave comment. its all about the community after all
Until next time stay awesome internetz
Nice blog! Actually, I am getting more information to read your great post. Thank you.
ReplyDeletePega Training in Chennai
Pega Course in Chennai
Excel Training in Chennai
Corporate Training in Chennai
Embedded System Course Chennai
Linux Training in Chennai
Tableau Training in Chennai
Oracle Training in Chennai
Oracle DBA Training in Chennai
Wonderful article, thanks for putting this together! This is obviously one great post. Thanks for the valuable information and insights you have so provided here. Plus d'information
ReplyDeleteI want you to thank for your time of this wonderful read!!! I definately enjoy every little bit of it and I have you bookmarked to check out new stuff of your blog a must read blog! Klik hier
ReplyDeleteGreat article with excellent idea!Thank you for such a valuable article. I really appreciate for this great information.. deze website
ReplyDeleteI have used a lot of juicers in the past and I created this blog to help juice lovers make the right decision in choosing the type of juicer that best fit their needs. There are several good masticating juicers to choose from. privacyinthenetwork
ReplyDeleteI want to say thanks for beautiful blog sharing with us. Your blog really great resource to update my knowledge. privacyonline
ReplyDeleteI am impressed. I don't think Ive met anyone who knows as much about this subject as you do. You are truly well informed and very intelligent. You wrote something that people could understand and made the subject intriguing for everyone. Really, great blog you have got here. 192 168 0 1
ReplyDeletePleasant Informative Blog having decent sharing.. what is my ip location
ReplyDeleteseaport hack Excellent trick this great friend, this was what I was looking for a long time and finally something that works. I recommend them all if it is real is not a lie. Thanks friend. Keep it up
ReplyDeleteReally very informative and inoperative blog, Thanks for the post and effort! keep sharing more blogs.
ReplyDeletenew trends in digital marketing
big data analytics
latest technology trends
graphic design for beginners
rpa interview questions for freshers
Mua vé máy bay tại Aivivu, tham khảo
ReplyDeletevé máy bay đi Mỹ hạng thương gia
giá vé máy bay hà nội sài gòn
vé máy bay chu lai hà nội
vé máy bay đi nha trang giá rẻ
vé máy bay từ hà nội đi quy nhơn
taxi sân bay nội bài 180k
combo novotel phú quốc 4 ngày 3 đêm
Thanks for sharing this blog. It was so informative.
ReplyDeleteWhich profession is best
Choosing your career
Thanks for sharing this blog. It was so informative.
ReplyDeleteBest selenium Training Institute in Chennai
Best training institute for selenium in chennai