Cisco Cisco ASA 5550 Adaptive Security Appliance 技術マニュアル
SLA monitor process determines that the primary ISP gateway is not reachable, the static route that directs
traffic to that interface is removed from the routing table. In order to replace that static route, an alternate
static route that directs traffic to the secondary ISP is installed. This alternate static route directs traffic to the
secondary ISP through the DSL modem until the link to the primary ISP is reachable.
traffic to that interface is removed from the routing table. In order to replace that static route, an alternate
static route that directs traffic to the secondary ISP is installed. This alternate static route directs traffic to the
secondary ISP through the DSL modem until the link to the primary ISP is reachable.
This configuration provides a relatively inexpensive way to ensure that outbound Internet access remains
available to users behind the ASA. As described in this document, this setup might not be suitable for inbound
access to resources behind the ASA. Advanced networking skills are required in order to achieve seamless
inbound connections. These skills are not covered in this document.
available to users behind the ASA. As described in this document, this setup might not be suitable for inbound
access to resources behind the ASA. Advanced networking skills are required in order to achieve seamless
inbound connections. These skills are not covered in this document.
Important Recommendations
Before you attempt the configuration that is described in this document, you must choose a monitoring target
that can respond to Internet Control Message Protocol (ICMP) echo requests. The target can be any network
object that you choose, but a target that is closely tied to your Internet Service Provider (ISP) connection is
recommended. Here are some possible monitoring targets:
that can respond to Internet Control Message Protocol (ICMP) echo requests. The target can be any network
object that you choose, but a target that is closely tied to your Internet Service Provider (ISP) connection is
recommended. Here are some possible monitoring targets:
The ISP gateway address
•
Another ISP−managed address
•
A server on another network, such as an Authentication, Authorization, and Accounting (AAA) server
with which the ASA must communicate
with which the ASA must communicate
•
A persistent network object on another network (a desktop or notebook computer that you can shut
down at night is not a good choice)
down at night is not a good choice)
•
This document assumes that the ASA is fully operational and configured in order to allow the Cisco Adaptive
Security Device Manager (ASDM) to make configuration changes.
Security Device Manager (ASDM) to make configuration changes.
Tip: For information about how to allow the ASDM to configure the device, refer to the Configuring HTTPS
Access for ASDM section of the CLI Book 1: Cisco ASA Series General Operations CLI Configuration
Guide, 9.1.
Access for ASDM section of the CLI Book 1: Cisco ASA Series General Operations CLI Configuration
Guide, 9.1.
Configure
Use the information that is described in this section in order to configure the ASA for the use of the static
route tracking feature.
route tracking feature.
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information about
the commands that are used in this section.
the commands that are used in this section.
Note: The IP addresses that are used in this configuration are not legally routable on the Internet. They are
RFC 1918 addresses, which are used in a lab environment.
RFC 1918 addresses, which are used in a lab environment.
Network Diagram
The example that is provided in this section uses this network setup: