Configuring internet failover on Cisco PIX or ASA running 8.0+

Here is how to do redundant ISP links on Cisco ASA 8.x:


sla monitor 111
type echo protocol ipIcmpEcho interface outside
num-packets 4
frequency 10

sla monitor 112
type echo protocol ipIcmpEcho interface backup
num-packets 4
frequency 10

sla monitor schedule 111 life forever start-time now
sla monitor schedule 112 life forever start-time now

track 1 rtr 111 reachability
track 2 rtr 112 reachability

route outside 0.0.0.0 0.0.0.0 1 track 1
route outside 0.0.0.0 0.0.0.0 10 track 2

Example NAT configuration:

global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0