Example 14: Dual Isp Support Using Static Route Tracking - Cisco FirePOWER ASA 5500 series Configuration Manual

Appendix B Sample Configurations

Example 14: Dual ISP Support Using Static Route Tracking

This configuration shows a remote office using static route tracking to use a backup ISP route if the
primary ISP route fails. The security appliance in the remote office uses ICMP echo requests to monitor
the availability of the main office gateway. If that gateway becomes unavailable through the default
route, the default route is removed from the routing table and the floating route to the backup ISP is used
in its place.
Figure B-12
passwd password1
enable password password2
hostname myfirewall
asdm image disk0:/asdm.bin
boot system disk0:/image.bin
!
interface gigabitethernet 0/0
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
no shutdown
!
interface gigabitethernet 0/1
description backup isp link
nameif backupisp
security-level 100
ip address 172.16.2.2 255.255.255.0
no shutdown
!
sla monitor 123
type echo protocol ipIcmpEcho 10.2.1.2 interface outside
timeout 1000
frequency 3
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability
!
route outside 0.0.0.0 0.0.0.0 10.1.1.1 track 1
! The above route is used while the tracked object, router 10.2.1.2
! is available. It is removed when the router becomes unavailable.
!
route backupisp 0.0.0.0 0.0.0.0 172.16.2.1 254
! The above route is a floating static route that is added to the
OL-10088-01
Dual ISP Support
10.2.1.2
Main Office
Network
172.20.1.2
Example 14: Dual ISP Support Using Static Route Tracking
route outside 0.0.0.0 0.0.0.0 10.1.1.1 track 1
10.1.1.1
Primary ISP
172.16.2.1
Backup ISP
Cisco Security Appliance Command Line Configuration Guide
10.1.1.2
172.16.2.2
Inside
Network
B-33