Posted: Mon 5 Feb - 17:04 (2018) Subject: Tying a Route to Multiple Tracked Addresses. Possible?
I’m wondering if anyone knows of a way to do this: I have a customer’s ASA firewall that has two ISP connections: a primary and a backup. I have the default gateway tied to an SLA track that monitors the 188.8.131.52 address, keeping the gateway pointed to the primary ISP if that address responds and failing to the backup if it fails. (Pretty standard tracked object route failover.)
The problem I had yesterday is that something happened on the local ISP’s backbone that black holed that specific 184.108.40.206 address. I got around it temporarily by shifting to the 220.127.116.11 address, which was responding.
So failover worked as it should have, but the result was that for a few hours they were running on their slower backup link, despite the fact that the primary was actually working. Not great for a retailer on December 21st.
Does anyone know of a way to do this where the firewall would track, say, 2 or 3 different addresses and only lose the route if all of them failed? Something like a track pool where you put all tracked objects in the pool and they all have to fail before the pool fails?