IP SLA on IOS and ASA

IP SLA = IP Service Level Agreements/Assurance (depends on how you understand it).

The feature is most likely used to monitor a WAN connection or to fail over a WAN/ISP connection automatically to ensure business continuity. Below are two dual-ISP failover examples, one for an IOS device and one for an ASA.

NOTE: IP SLA normally works with routable interfaces, which means it will be configured on a router or layer 3 switch. For the ASA 5505 in particular, you need the Security Plus license in order to use physical interfaces as routable interfaces.

For IOS devices:
Router(config)# ip sla monitor 1

Router(config-sla-monitor)# type echo protocol ipIcmpEcho 10.2.3.4 source-interface FastEthernet 0/1

Router(config-sla-monitor)# frequency 2

Router(config-sla-monitor)# timeout 1000

Router(config-sla-monitor)# threshold 3000

Router(config)# ip sla schedule 1 life forever start-time now

Router(config)# track 1 rtr 1 reachability

Router(config)# ip route 0.0.0.0 0.0.0.0 10.2.3.4 track 1

Router(config)# ip route 0.0.0.0 0.0.0.0 192.5.6.7 10

For ASA 5500 Series:
ASA(config)# sla monitor 1

ASA(config-sla-monitor)# type echo protocol ipIcmpEcho 10.2.3.4 interface outside

ASA(config-sla-monitor-echo)# num-packets 3

ASA(config-sla-monitor-echo)# frequency 10

ASA(config)# sla monitor schedule 1 start-time now life forever

ASA(config)# track 1 rtr 1 reachability

ASA(config)# route outside 0.0.0.0 0.0.0.0 10.2.3.4 1 track 1

ASA(config)# route outside-failover 0.0.0.0 0.0.0.0 192.5.6.7 10

So 10.2.3.4 is used as the default route only while the Router/ASA can reach 10.2.3.4. After a failover, once the Router/ASA regains the connection, the device should fail back automatically.
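
An added example (not from the original post): a small Python check that a saved configuration contains every link of the chain described above, namely a scheduled SLA monitor, a track object bound to it, a tracked default route, and an untracked backup default route with a higher distance. The function name and both sample configurations are constructed for illustration.

```python
import re

SLA = re.compile(r"^(?:ip )?sla monitor (\d+)$")
SCHED = re.compile(r"^(?:ip sla schedule|sla monitor schedule) (\d+)\b")
TRACK = re.compile(r"^track (\d+) rtr (\d+) reachability$")
# Default route: gateway, optional distance, optional track id.
DEFAULT = re.compile(r"^(?:ip route|route \S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)"
                     r"(?: (\d+))?(?: track (\d+))?$")

def audit_failover(config):
    """Return findings for the SLA -> track -> route chain; [] means complete."""
    slas, scheduled, tracks, routes, findings = set(), set(), {}, [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := SLA.match(line):
            slas.add(m[1])
        elif m := SCHED.match(line):
            scheduled.add(m[1])
        elif m := TRACK.match(line):
            tracks[m[1]] = m[2]
        elif m := DEFAULT.match(line):
            routes.append((int(m[2] or 1), m[3]))  # static distance defaults to 1
        elif re.match(r"(?:ip )?route\b", line) and " 0.0.0.0 " in line:
            findings.append(f"unparsed default route: {line}")
    for tid, sid in tracks.items():
        if sid not in slas:
            findings.append(f"track {tid} references undefined SLA {sid}")
        elif sid not in scheduled:
            findings.append(f"SLA {sid} is never scheduled")
    tracked = [(d, t) for d, t in routes if t]
    findings += [f"route references undefined track {t}"
                 for _, t in tracked if t not in tracks]
    if not tracked:
        findings.append("no tracked default route")
    elif not any(t is None and d > max(td for td, _ in tracked) for d, t in routes):
        findings.append("no untracked backup default route with a higher distance")
    return findings

# Constructed samples: the page's ASA commands, then a copy with two mistakes.
GOOD = """sla monitor 1
 type echo protocol ipIcmpEcho 10.2.3.4 interface outside
sla monitor schedule 1 start-time now life forever
track 1 rtr 1 reachability
route outside 0.0.0.0 0.0.0.0 10.2.3.4 1 track 1
route outside-failover 0.0.0.0 0.0.0.0 192.5.6.7 10"""
BAD = GOOD.replace("sla monitor schedule 1 start-time now life forever\n", "") \
          .replace("0.0.0.0 0.0.0.0 192.5.6.7", "0.0.0.0 192.5.6.7")

if __name__ == "__main__":
    print(audit_failover(GOOD))
    print(audit_failover(BAD))
```

The same function accepts the IOS form of the commands (`ip sla monitor`, `ip sla schedule`, `ip route`).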

Read details here and here.
