Tuesday 27 February 2018

How to configure IP SLA monitoring on Cisco ASA?


IP SLA MONITORING on Cisco ASA:

I have 2 ISPs connected on "outside" and "outside2".
I want the ISP connected on the outside interface to be my primary. If something goes wrong with this ISP, I want my default route to change to the ISP on outside2.
To do this, I will track an IP address whose reachability tells me that ISP1 is available, and then apply this track to my "Main" route.

To understand how it works, see the "Working" section at the very bottom.

First, configure the SLA monitoring process using a unique ID. In this example I am using 100.
Here we define which IP address the pings are sent to and which interface they are sourced from.
In this case we send pings to 8.8.8.8 using the "outside" interface IP address.
We want to send 3 ping packets at an interval of 10 seconds.

sla monitor 100
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 3
 frequency 10


Now schedule your monitoring process, that is, specify when it should start.

sla monitor schedule 100 life forever start-time now

Create a Track and associate it with the monitoring process that we created above.
I am using a track ID 1 and associating it with monitoring process 100.

track 1 rtr 100 reachability


rtr = Response Time Reporter

Now the track is ready to be applied on a route that you would like to MONITOR.

route outside 0.0.0.0 0.0.0.0 65.123.2.1 1 track 1
route outside2 0.0.0.0 0.0.0.0 34.65.1.2 10

Working:
=============
As per the above example, I am pinging 8.8.8.8 by sending 3 packets every 10 seconds. If no reply is received for 1 packet, the ASA concludes that something went wrong with ISP1 and the track will FAIL. When the track fails, the route it has been applied to also fails.
The ASA dynamically disables that route, and the other static route, configured with a higher metric value, becomes active. During this time, the SLA is still sending pings to 8.8.8.8 via ISP1. If it receives a reply, it considers ISP1 back online and the track becomes active. As a result, that route also becomes active.

All configuration at once:
sla monitor 100
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 3
 frequency 10
!
sla monitor schedule 100 life forever start-time now
!
track 1 rtr 100 reachability
!
route outside 0.0.0.0 0.0.0.0 65.123.2.1 1 track 1
route outside2 0.0.0.0 0.0.0.0 34.65.1.2 10
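
The failover described under "Working" only happens if the whole chain is present: a defined and scheduled SLA monitor, a track that references it, and an untracked backup route with a higher metric to take over. The following Python check is an added example, not part of the original post; the function name `check_tracked_routes` is hypothetical, and the rule that the probe interface must match the tracked route's interface is an assumption based on this setup.

```python
import re

# Constructed sample input: the configuration from this post, as plain text.
SAMPLE_CONFIG = """\
sla monitor 100
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 100 life forever start-time now
track 1 rtr 100 reachability
route outside 0.0.0.0 0.0.0.0 65.123.2.1 1 track 1
route outside2 0.0.0.0 0.0.0.0 34.65.1.2 10
"""

# route <if> <dest> <mask> <gateway> [metric] [track <id>]
ROUTE = re.compile(r"route (\S+) (\S+) (\S+) \S+(?: (\d+))?(?: track (\d+))?")

def check_tracked_routes(config):
    """Return a list of problems in the sla monitor -> track -> route chain."""
    probe_if, scheduled, tracks, routes, sla_id = {}, set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"sla monitor (\d+)", line):
            sla_id = m.group(1)
            probe_if[sla_id] = None
        elif (m := re.match(r"type echo protocol ipIcmpEcho \S+ interface (\S+)", line)) and sla_id:
            probe_if[sla_id] = m.group(1)
        elif m := re.match(r"sla monitor schedule (\d+) ", line):
            scheduled.add(m.group(1))
        elif m := re.fullmatch(r"track (\d+) rtr (\d+) reachability", line):
            tracks[m.group(1)] = m.group(2)
        elif m := ROUTE.fullmatch(line):
            ifname, dest, mask, metric, track = m.groups()
            routes.append((ifname, dest, mask, int(metric or 1), track))
    problems = []
    for ifname, dest, mask, metric, track in [r for r in routes if r[4]]:
        sla = tracks.get(track)
        if sla is None:
            problems.append(f"route on {ifname}: track {track} is not defined")
        elif sla not in probe_if:
            problems.append(f"track {track}: sla monitor {sla} is not defined")
        else:
            if sla not in scheduled:
                problems.append(f"sla monitor {sla} is never scheduled")
            if probe_if[sla] != ifname:  # assumption: probe leaves via the tracked ISP
                problems.append(f"sla monitor {sla} probes via {probe_if[sla]}, not {ifname}")
        if not any(r[1:3] == (dest, mask) and r[4] is None and r[3] > metric for r in routes):
            problems.append(f"no untracked backup route for {dest} {mask}")
    return problems
```

Feed it the text of `show running-config` (or just the relevant lines); an empty list means the chain is complete.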
