Cisco ASA 5580 Adaptive Security Appliance Technical Manual

%ASA-6-302020: Built outbound ICMP connection for faddr 4.2.2.2/0 gaddr 203.0.113.1/59005 laddr 203.0.113.1/59005
%ASA-6-302021: Teardown ICMP connection for faddr 4.2.2.2/0 gaddr 203.0.113.1/59003 laddr 203.0.113.1/59003
%ASA-6-302021: Teardown ICMP connection for faddr 4.2.2.2/0 gaddr 203.0.113.1/59004 laddr 203.0.113.1/59004
%ASA-6-302021: Teardown ICMP connection for faddr 4.2.2.2/0 gaddr 203.0.113.1/59005 laddr 203.0.113.1/59005
%ASA-7-609002: Teardown local-host identity:203.0.113.1 duration 0:00:02
%ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:02
%ASA-6-622001: Removing tracked route 0.0.0.0 0.0.0.0 203.0.113.2, distance 1, table Default-IP-Routing-Table, on interface outside
!--- 4.2.2.2 is unreachable, so the route to the Primary ISP is removed.
Tracked Route is Removed Unnecessarily
If the tracked route is removed unnecessarily, ensure that your monitoring target is always available to receive
echo requests. In addition, ensure that the state of your monitoring target (that is, whether or not the target is
reachable) is closely tied to the state of the primary ISP connection.
If you choose a monitoring target that is farther away than the ISP gateway, another link along that route
might fail or another device might interfere. This configuration might cause the SLA monitor to conclude that
the connection to the primary ISP has failed and cause the ASA to unnecessarily fail over to the secondary
ISP link.
For example, if you choose a branch office router as your monitoring target, the ISP connection to your
branch office could fail, as well as any other link along the way. Once the ICMP echoes that are sent by the
monitoring operation fail, the primary tracked route is removed, even though the primary ISP link is still
active.
In this example, the primary ISP gateway that is used as the monitoring target is managed by the ISP and is
located on the other side of the ISP link. This configuration ensures that if the ICMP echoes that are sent by
the monitoring operation fail, the ISP link is almost surely down.
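The following Python script is an added example, not part of the original Cisco document. It scans syslog for the 622001 tracked-route messages shown in the output above and reports removals that were reversed within a short window, which can point to an unreliable monitoring target rather than a failed ISP link. The ISO timestamps, the hostname asa1, the sample lines, the function names and the two-minute threshold are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Matches: %ASA-6-622001: {Adding|Removing} tracked route <net> <mask> <gw>,
#          distance <n>, table <name>, on interface <ifname>
# The leading ISO 8601 timestamp is an assumption about the log collector.
EVENT = re.compile(
    r"^(?P<ts>\S+) .*?%ASA-6-622001: (?P<action>Adding|Removing) tracked route "
    r"(?P<net>\S+) (?P<mask>\S+) (?P<gw>[^,\s]+), distance \d+, "
    r"table \S+, on interface (?P<ifc>\S+)"
)

def route_events(lines):
    """Yield (timestamp, action, route_key) for each 622001 message."""
    for line in lines:
        m = EVENT.search(line)
        if m:
            key = (m["net"], m["mask"], m["gw"], m["ifc"])
            yield datetime.fromisoformat(m["ts"]), m["action"], key

def short_removals(lines, threshold=timedelta(minutes=2)):
    """Return (route_key, gap) for removals that were re-added within threshold.

    Assumed heuristic: a route that comes back this quickly was probably
    withdrawn because echoes to the monitoring target were lost, not because
    the primary ISP link was down.
    """
    removed_at, findings = {}, []
    for ts, action, key in route_events(lines):
        if action == "Removing":
            removed_at[key] = ts
        elif key in removed_at:
            gap = ts - removed_at.pop(key)
            if gap <= threshold:
                findings.append((key, gap))
    return findings

# Constructed sample lines (not captured from a real device).
ROUTE = ("tracked route 0.0.0.0 0.0.0.0 203.0.113.2, distance 1, "
         "table Default-IP-Routing-Table, on interface outside")
SAMPLE = [
    f"2015-05-15T10:00:02 asa1 %ASA-6-622001: Removing {ROUTE}",
    "2015-05-15T10:00:05 asa1 %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:02",
    f"2015-05-15T10:00:40 asa1 %ASA-6-622001: Adding {ROUTE}",
    f"2015-05-15T14:10:00 asa1 %ASA-6-622001: Removing {ROUTE}",
    f"2015-05-15T15:30:00 asa1 %ASA-6-622001: Adding {ROUTE}",
]

if __name__ == "__main__":
    for key, gap in short_removals(SAMPLE):
        print(f"route via {key[2]} on {key[3]} was withdrawn for only {gap}")
```

Routes flagged this way are candidates for the monitoring-target review described above; the 80-minute withdrawal in the sample is not flagged.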
Related Information
• Cisco ASA 5500-X Series Next-Generation Firewalls
• Technical Support & Documentation - Cisco Systems
Updated: May 15, 2015
Document ID: 118962