Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix B Sample Configurations
Example 14: Dual ISP Support Using Static Route Tracking
This configuration shows a remote office using static route tracking to use a backup ISP route if the
primary ISP route fails. The security appliance in the remote office uses ICMP echo requests to monitor
the availability of the main office gateway. If that gateway becomes unavailable through the default
route, the default route is removed from the routing table and the floating route to the backup ISP is used
in its place.
Figure B-12 Dual ISP Support
passwd password1
enable password password2
hostname myfirewall
asdm image disk0:/asdm.bin
boot system disk0:/image.bin
!
interface gigabitethernet 0/0
 nameif outside
 security-level 0
 ip address 10.1.1.2 255.255.255.0
 no shutdown
!
interface gigabitethernet 0/1
 description backup isp link
 nameif backupisp
 security-level 100
 ip address 172.16.2.2 255.255.255.0
 no shutdown
!
sla monitor 123
 type echo protocol ipIcmpEcho 10.2.1.2 interface outside
 timeout 1000
 frequency 3
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability
!
route outside 0.0.0.0 0.0.0.0 10.1.1.1 track 1
! The above route is used while the tracked object, router 10.2.1.2
! is available. It is removed when the router becomes unavailable.
!
route backupisp 0.0.0.0 0.0.0.0 172.16.2.1 254
! The above route is a floating static route that is added to the
[Figure B-12 diagram. Labels: Inside Network, Primary ISP, Backup ISP, Main Office Network. Addresses shown: 10.1.1.1, 10.1.1.2, 172.16.2.1, 172.16.2.2, 10.2.1.2, 172.20.1.2. Routes shown: route outside 0.0.0.0 0.0.0.0 10.1.1.1 track 1; route backupisp 0.0.0.0 0.0.0.0 172.16.2.1 254]
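
The failover described above only works if the whole chain is present: the tracked route, its track object, the SLA monitor and its schedule, and a floating route on another interface. The following check is an added example, not part of the Cisco guide; the function name `audit_tracking` and the finding messages are hypothetical, and the sample input is constructed from the configuration lines shown above.

```python
import re

# Constructed sample: the tracking-related lines of the configuration above.
SAMPLE = """\
sla monitor 123
 type echo protocol ipIcmpEcho 10.2.1.2 interface outside
 timeout 1000
 frequency 3
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
route outside 0.0.0.0 0.0.0.0 10.1.1.1 track 1
route backupisp 0.0.0.0 0.0.0.0 172.16.2.1 254
"""

DEFAULT_ROUTE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(.*)$", re.M)

def audit_tracking(config):
    """Return findings for tracked default routes (hypothetical helper)."""
    monitors = set(re.findall(r"^sla monitor (\d+)[ \t]*$", config, re.M))
    scheduled = set(re.findall(r"^sla monitor schedule (\d+)\b", config, re.M))
    tracks = dict(re.findall(r"^track (\d+) rtr (\d+) reachability", config, re.M))
    tracked, untracked = [], []
    for iface, gateway, rest in DEFAULT_ROUTE.findall(config):
        words = rest.split()
        # A static route without an explicit distance has administrative distance 1.
        distance = int(words[0]) if words and words[0].isdigit() else 1
        if "track" in words[:-1]:
            tracked.append((iface, gateway, distance, words[words.index("track") + 1]))
        else:
            untracked.append((iface, gateway, distance))
    findings = []
    for iface, gateway, distance, track_id in tracked:
        sla_id = tracks.get(track_id)
        if sla_id is None:
            findings.append(f"{gateway}: track {track_id} is not defined")
        elif sla_id not in monitors:
            findings.append(f"{gateway}: sla monitor {sla_id} is not defined")
        elif sla_id not in scheduled:
            findings.append(f"{gateway}: sla monitor {sla_id} is never scheduled")
        # The backup must be on another interface with a higher distance, otherwise
        # nothing takes over when the tracked route is removed.
        if not any(i != iface and d > distance for i, _, d in untracked):
            findings.append(f"{gateway}: no floating default route to fail over to")
    return findings

if __name__ == "__main__":
    print(audit_tracking(SAMPLE) or "tracking chain complete")
```
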