How to create a ISP Failover on a cisco asa 5510. What do you need to create this solution…
- You need 2 Internet Providers.
- You need for both ISP an internet device ( in bridged modus )
- You need one Cisco asa 5510 with a security bundle
Prior to start with you configuration. Keep in mind you can use this in combination with a Statefull fallback solution of 2 Cisco ASA 5510’s.
interface Ethernet 0/2 description internet connection ISP 1 nameif outside secutiry-level 0 ip address < external ip address> <subnetmask>
Above is the first configuration of the first ISP
interface Ethernet 0/3 description internet connection ISP 2 nameif outside2 security-level 0 ip address <external ip address> <subnetmask>
Configure a local area network address ( LAN )
interface Ethernet 0/0 description Local Area Network ( LAN ) nameif inside security-level 100 ip address < internal ip address> <subnetmask>
Configure a global NAT/PAT
global (outside) 1 interface global (outside2) 1 interface nat (inside ) 1 0.0.0.0 0.0.0.0
Configure a static route
route outside 0.0.0.0 0.0.0.0 <gateway ISP 1> 1 track 1 route outside2 0.0.0.0 0.0.0.0 <gateway ISP 2> 254
You have to configure now a SLA ( automatic tracking to an external ip address or website )
sla monitor 123 type echo protocol ipIcmpEcho 220.127.116.11 interface outside num-packets 3 frequency 10
You have to start this monitor through the command.
sla monitor schedule 123 life forever start-time now
After you configured and started the monitor tracker. You will need to point this monitor tracker to a static route which you configured earlier.
track 1 rtr 123 reachability