conf t
int g0/0
nameif inside
security-level 100
ip address 10.0.0.2 255.255.255.0
no shut
int g0/1
nameif outside
security-level 0
ip address 55.66.77.2 255.255.255.240
no shut
int g0/2
nameif outsidebackup
security-level 0
ip address 66.77.88.2 255.255.255.240
no shut
exit
We should now configure dynamic PAT:
object network Inside_Network
nat (inside,outside) dynamic interface
object network inside_network
nat (inside,outsidebackup) dynamic interface
Proceeding by defining primary default route:
route outside 0.0.0.0 0.0.0.0 55.66.77.2 1 track 1
Note: The route will not be present in the route table until we have setup the SLA monitor - don't worry! The 'track 1' defines which SLA tracking number the route will be tied to.
We should now define the backup / secondary default route with a metric of 254
route outsidebackup 0.0.0.0 0.0.0.0 66.77.88.2 254
Proceed by creating an SLA monitor that will use ICMP to check whether the remote gateway is available:
sla monitor 100
type echo protocol ipIcmpEcho 55.66.77.1 interface outside
num-packets 3
frequency 10
Schedule the monitoring process to start now:
sla monitor schedule 100 life forever start-time now
Now assosiate the tracked static route we created with the SLA.
track 1 rtr 100 reachability
We can now review the state of the monitor with:
show sla monitor operational-state
We are specifically intested in 'Latest operation return code' - which should equal 'OK' if all is good.
Finally we can review view and debug SLA configuration with:
show sla monitor configuration
and
debug sla monitor
0 comments:
Post a Comment