On the Cisco ASA Firewall can we configure a backup link, for example a backup Internet link. That means if our Internet access has some problem, we still have a backup link to access the Internet or whatever we want. The configuration is not part of this documentation, it is only useful if there is a problem with the backup link or with the monitoring of the primary link.
Show Commands:
1. Double check the SLA config from CLI:
| (config)# show running-config sla monitor |
2. Check the current configuration settings of the operation (default values are here):
| (config)# show sla monitor configuration |
3. Check the operational statistics of the SLA operation:
| (config)# show sla monitor operational-state |
Those are important:
“Connection loss occurred:”
“Timeout occurred:”
“Over thresholds occurred:”
4. Check the routing table (Check which route is the active: primary/backup):
| (config)# show route |
Debug Commands:
| (config)# debug sla monitor trace (config)# debug sla monitor error (config)# term mon |
The following Cisco documentation example is not stateful!!! If your route changes to another interface the active connections will go trough the old interface (statefull connections are sticked to the interface).
To create stateful SLA monitor use backup route on the same interface, but to different next hop!
Full Configuration example
Comment:
Az ASA/PIX with code 7 can only do SLA monitoring type with “ICMP Path Echo”.
IOS routers with code 12.4 can do 13 kind of SLA monitoring types.
SLA monitor configuration for IOS 12.4
itsecworks 
Posted on November 23, 2010
0