Configuring Static Route Tracking Using ASDM 7.1(3) ASA 9.1(2)

Similar Messages

• Configuring Cisco Router for use with Syslog Server

  Configuring Cisco Router for use with Syslog Server:
  Does anyone know of a good doc for this?
  -Ashley

  Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
  And if you need more informations, just ask what you want to achieve.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Reliable Static Routing Backup Using Object Tracking

  Can someone confirm if Reliable Static Routing Using Object Tracking is supported on the Cisco 3850 switch running IOS-XE?  If so, does it require IP Services licensing or will IP Base suffice?
  If it is not supported on the 3850, what about the 3750X running IOS?  Again, would it require IP Services licensing?                  

  Hello
  CCO seems to suggest it does
  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/xe-3se/3850/iap-xe-3se-3850-book.pdf#page21
  Res
  Paul
  Sent from Cisco Technical Support iPad App

• Configuring static routes at the network edge

  We have some Cisco 1750 routers at the edge of our network which are running RIP. We were advised to use static routes on the router, since there was only one route (across a WAN link) for traffic to go from the hub connected to the router, as RIP would only waste the limited bandwidth to the router. We posted this problem previously and got a response which stated :You could set up a default static route on your edge router, run RIP on your internal routers in order to propagate the default, but block the RIP to the outside.
  On your edge router, make a default route to your external link. Keep RIP running as before, but add the line redistribute static in your rip configuration. That will get the default route propagated.
  Now to stop the RIP on the external interface: If the link is on a different major IP network to your internal network, you can simply not include it in the network commands under rip. But if it is in the same network, then RIP will be enabled on the interface, so you will have to add passive-interface xxxxx, where xxxxx refers to the interface carrying your external link,
  Alternatively, you could define your default route using the ip default-network command. This will get propagated automatically into the RIP even without the redistribute command.
  We tried it, the problem is that the router is unreachable, via the serial or Ethernet, although if connected to the router via console port, with the configuration screen , you are able to ping external locations, and are able to telnet into the router, but he PC's on the Ethernet side of the router cant see the network.
  Assistance\Advice requested.
  attached you wll find , the actual reply , and a copy of some info from our work file.

  Ernie
  I have looked at the config that you posted and I see several issues. The serial interface on Salvage is 172.20.2.2. Your message indicates that it is connected via serial to a 3640 which your message seems to indicate is 172.20.1.4. But that makes the 3640 on a different subnet. Connections over a serial link should be in the same subnet on both ends. (The exception to that is when you are using the ip unnumbered feature - which you are not). I suspect that part of your problem is that the routers do not see themselves on a connected subnet. When you run RIP over the link it can compensate for that to some degree. But when you stop RIP the problem has impact.
  Also I see that you have a static default route as Kevin suggested. And in RIP you have redistribute static. But there is no default metric defined. To redistribute into RIP you need a default metric. Another aspect of the problem with the default route is that the next hop for the default route is 172.20.1.4, but without RIP running I believe that Salvage has no idea how to get to that address. You can confirm this by doing show ip route 172.20.1.4 on Salvage. I suspect that you will get an error about route not in table.
  Beyond these issues I believe that there is a larger problem of misunderstanding. When I look at your original post in this thread it talks about not running RIP over the serial link. And when I read Kevin's response the first paragraph is describing not running RIP over the serial interface when it says do static default on your edge router and run RIP on your internal router. If you are not running RIP over the serial interface then I see no reason to run RIP on Salvage at all. There is one piece of this that Kevin did not address. If you do not run RIP over the serial link then how does the 3640 know about the Ethernet subnet at Salvage. I believe that the answer is that the 3640 needs to configure a static route to 172.20.27.0 with the 1750 serial interface as the next hop. And if there are other routers that the 3640 communicates with via RIP then the 3640 needs to redistribute static into RIP (remembering to have a default metric).
  If you address these issues I believe that you will have connectivity from the central network to the remote subnet on Salvage.
  HTH
  Rick

• How to configure static route on RHEL 3 A/S

  I have a (very) large amount of data to move through a Gigabit connection
  shortly. I want to use a newly-configured gigabit PCI-X card in a Dell
  server to accomplish this. The other interfaces are 100 Mbps.
  If I want to add a route (static route) to force outgoing packets that
  are destined for a particular host to use that interface (eth3 on this host)
  then how do I do that? System is RedHat Enterprise Linux 3AS.
  I suspect this involved the "add route default" command or whatever
  the syntax is -- I did it for Solaris years ago but don't remember
  exactly.
  $ Linux host1.localdomain 2.4.21-57.ELhugemem #1 SMP Fri Jun 13 00:09:04 EDT 2008 i686 i686 i386 GNU/Linux
  $ ifconfig eth3
  eth3 Link encap:Ethernet HWaddr 00:0A:5E:7A:E7:33
  inet addr:10.156.30.176 Bcast:10.156.30.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:619971 errors:0 dropped:0 overruns:0 frame:0
  TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:44019924 (41.9 Mb) TX bytes:256 (256.0 b)
  Interrupt:24
  Thanks in advance.

  I agree. Using the /binroute command is not recommended for newbies, or even oldies. There is more infrastructure behind the scenes than just the routing table and using the "redhat-config-network" or "system-config-network" tool does the right thing, so you don't have to.
  I mentioned it only for completeness.

• How can I configure static routes in a CUCM?

  Hi.
  I have seen that there is no-way to set static routes in a Call Manager but I have read that you can add static routes in the Linux that runs CUCM.
  If I do that, will I l lose the Cisco support for that server?
  I don't know why a Level 3 server (like a CUCM, Presence , Unity,...) doesn't permit routing configuration.
  Regards.
  Rafa

  Thanks for your answer, Jaime.
  That implies that we have to insert an intermediate router.
  I think that routing features should be implemented in Unified Comunications servers.
  Regards

• Configuring Static Routing

  Hi, I have some issues configuring my WRT54G in my business, I've already got 2 networks and i want to create a new one with my router.. The main network where all our servers are is the 192.168.1.0/24 (gateway 192.168.1.1), second network is 192.168.2.0/24 (gateway 192.168.2.1)
  What i want to do: Create the network 192.168.102.0/24 wich could communicate directly with the 192.168.2.0 network but 192.168.102.0 need to talk with the 192.168.1.0 network too. I guess i should connect the 192.168.2.0 in the Internet port, and the 192.168.102.0 in the Ethernet ports.
  How should i setup my router ?? Do i need to create Static Ip routes on my computer in the 192.168.102.0 network?? Thanks!
  Message Edited by Goyette on 12-10-2007 01:25 PM

  1}192.168.0.1/24
  2}192.168.0.2/24
  3}192.168.102.0/24 {want to create}
  The most important thing i want to know how the above two network are connected to each other. And which router you are using.
  Then we will move foward

• Is it possible in IOS to have two static routes for the same subnet, one a higher priority and "failover" between the 2?

  Hi All
  Is it possible in IOS to have for a particular subnet:
  a) Two static routes?
  b) Make one static route a higher priority than the other?
  c) If one static router "goes down", failover to the lower priority static route?
  We have a l2tp/vpdn connection to a supplier which can be accessed via two vlans/routes. I would like to make one route the preferred one but the "route" to failover if the preferred route goes down.
  Again, many thanks in advance for all responses!
  Thanks
  John

  Hi John,
  Hope the below explaination will help you...
  R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2
  R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
  If you notice the Administrative Distance for the secondary route pointing to ISP2 is increased to 10 so that it becomes the backup link.
  The above configuration with just two floating static routes partially accomplishes our requirement as it will work only in the scenario where the routers interfaces connected to the WAN link are in up/down or down/down status. But in a lot of situations we see that even though the links remain up but we are not able to reach the gateway, this usually happens when the issue is at the ISP side.
  In such scenarios, IP SLAs becomes an engineer's best friend. With around six additional IOS commands we can have a more reliable automatic failover environment.
  Using IP SLA the Cisco IOS gets the ability to use Internet Control Message Protocol (ICMP) pings to identify when a WAN link goes down at the remote end and hence allows the initiation of a backup connection from an alternative port. The Reliable Static Routing Backup using Object Tracking feature can ensure reliable backup in the case of several catastrophic events, such as Internet circuit failure or peer device failure.
  IP SLA is configured to ping a target, such as a publicly routable IP address or a target inside the corporate network or your next-hop IP on the ISP's router. The pings are routed from the primary interface only. Following a sample configuration of IP SLA to generate icmp ping targeted at the ISP1s next-hop IP.
  R1(config)# ip sla 1
  R1(config)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
  R1(config)# timeout 1000
  R1(config)# threshold 2
  R1(config)# frequency 3
  R1(config)# ip sla schedule 1 life forever start-time now
  The above configuration defines and starts an IP SLA probe.
  The ICMP Echo probe sends an ICMP Echo packet to next-hop IP 2.2.2.2 every 3 seconds, as defined by the “frequency” parameter.
  Timeout sets the amount of time (in milliseconds) for which the Cisco IOS IP SLAs operation waits for a response from its request packet.
  Threshold sets the rising threshold that generates a reaction event and stores history information for the Cisco IOS IP SLAs operation.
  After defining the IP SLA operation our next step is to define an object that tracks the SLA probe. This can be accomplished by using the IOS Track Object as shown below:
  R1(config)# track 1 ip sla 1 reachability
  The above command will track the state of the IP SLA operation. If there are no ping responses from the next-hop IP the track will go down and it will come up when the ip sla operation starts receiving ping response.
  To verify the track status use the use the “show track” command as shown below:
  R1# show track
  Track 1
  IP SLA 1 reachability
  Reachability is Down
  1 change, last change 00:03:19
  Latest operation return code: Unknown
  The above output shows that the track status is down. Every IP SLAs operation maintains an operation return-code value. This return code is interpreted by the tracking process. The return code may return OK, OverThreshold, and several other return codes.
  Different operations may have different return-code values, so only values common to all operation types are used. The below table shows the track states as per the IP SLA return code.
  Tracking
  Return Code
  Track State
  Reachability
  OK or over threshold
  (all other return codes)
  Up
  Down
  The Last step in the IP SLA Reliable Static Route configuration is to add the “track” statement to the default routes pointing to the ISP routers as shown below:
  R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
  R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
  The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up. Hence if the track status is down the secondary route will be used to forward all the traffic.
  Please rate the helpfull posts.
  Regards,
  Naidu.

• Floating static routes

  if a rip enabled primary interface goes down and is backed up by a dialer 1 Floating static route with an admin distance of e.g 200 can a second Dialer 2 be configured to connect to the same location via a second floating static route e.g admin cost 240. In the event of Dialer 1 not connecting.

  Hi Larry,
  I've given this a bit of thought and believe that you can possibly get this going using the feature 'Reliable Static Routing Backup Using Object Tracking'. There's some info and examples regarding this here:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xe/dbackupx.htm#wp1071672
  Essentially, you would use the 'track' keyword with the 'ip route' statement for the floating static route for your first dialer. The static route would only be installed if you had actual connectivity over this dialer. If your dialer does not come up, the track object will change status to down and bring down that floating static route, enabling your third static default route to kick in.
  I have not tried this personally but the approack makes sense...
  Hope that helps - pls rate the post if it does.
  Regards,
  Paresh

• SGE2000/P Static Routing (equals L2+) Explain?

  What does L2+ mean?  I realize these aren't L3 switches with SVI capabilities, so what is the purpose of configuring static routes if there is no InterVLAN routing capability?
  T.I.A.,
  Chris

  Welcome to Cisco Community!
  With out getting into a huge discussion I will try to answer as quickly and directly as possible.
  Our SFE and SGE series switches are Layer 3 switches (can also be configured as L2) so they are able to perform as a (inter VLAN) router or gateway for all VLANs. Once you have created the VLANs and assigned each an IP address, that IP address will become the GW for that VLAN. Under Routing you will not see any learned networks until you assign the VLAN to a port and the port becomes active. You will then need to configure a default route to send the traffic out to the cloud. The router will need to belong to the same VLAN as the switch. So if the switch has an IP address of 172.16.30.1/24, the router will have an IP of 172.16.30.254/24 for example. The route would read like this: 0.0.0.0/0 next hop 172.16.30.254 metric 2 (or higher).
  As for static routes as a L2 or L3 switch, they would be useful when you have a device attached to another switch which is disjoined from your typical network on the local switch. In other words, lets say you have 3 (aside from default native VLAN 1) VLANs V10 - 30. All you of your devices belong to these VLANs but you have a server on VLAN 30 which is not connected to this switch. You will then create a static route for that server's IP address to the remote switch.
  VLAN30: 172.16.30.1 (local SGE)
  Server: 172.16.30.200 (on remote switch)
  Remote Switch: 192.168.20.1 (remote SGE)
  VLAN30: 172.16.30.2 (on remote SGE)
  Static Route:
  destination 172.16.30.200 next hop 172.16.30.2 metric 2
  I hope this answers your question. These are really my favorite switches, as I find them very reliable and highly configurable. I love these things.

• Is Static Routing Necessary?

  I'd like to use an 1812 to route data between 2 subnets (say 10.1.1.x and 11.1.1.x). I'm setting up the two WAN interfaces (FastEthernet0 and FastEthernet1) with IP addresses and subnet masks for each of the two subnets.
  Will traffic heading from the 10.1.1.x subnet and destined for the 11.1.1.x subnet automatically route correctly (and vice-versa), or will I need to configure static routing?
  Also, a follow-up question. If I'm only expecting traffic from one of the subnets and destined to the other (either 10.1.1.x to 11.1.1.x, or vice-versa), do I need to configure a default route? If no default route is configured, what happens if a packet comes in destined for an unknown subnet?

  Trevor
  In the situation which you describe where the router has 2 interfaces and networks are configured on each interface, then you do not need static routing to route between those networks.
  In this situation I do not see any reason to configure a default route. The default route is certainly not needed to route between those networks. And if a packet came into the router and the destination were on some network not connected to the router, what could you do? Do you have any way to forward packets to any other network? As you describe it there is no benefit for a default route. And in this situation if a packet did come in with a destination for an unknown subnet, then the only thing that the router can do is to drop the packet.
  HTH
  Rick

• Cisco ASA static route Administrative Distance

  Hello Dear Engineers,
  In Cisco ASA 8.2(5) version  I configured Static Route Floating with different Administrative Distances (for example, 10) , but IOS cannot accept this parameter.   for verifying, show route command  result shows  administrative distance as 1 .
  Configuration example:
  ip route 10.0.0.0 255.255.255.0 192.168.1.1 1 track 1
  ip route 10.0.0.0 255.255.255.0 192.168.2.1 10 
  S 10.0.0.0 255.255.255.0 [1/0] via 192.168.2.1, outside2
  Is this the bug of the IOS, or may-be I misconfigured something? 
  Thanks in advance.

  Hi Samir,
  Even Pix 8.0 version shows the correct ad value defined..... might be that would be a bug or misconfiguration from your end.
  pixfirewall(config-if)# sh route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is 1.1.1.2 to network 0.0.0.0
  C    1.1.1.0 255.255.255.0 is directly connected, out1
  C    2.2.2.0 255.255.255.0 is directly connected, out2
  S*   0.0.0.0 0.0.0.0 [1/0] via 1.1.1.2, out1
  pixfirewall(config-if)# shut
  pixfirewall(config-if)# sh route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is 2.2.2.2 to network 0.0.0.0
  C    2.2.2.0 255.255.255.0 is directly connected, out2
  S*   0.0.0.0 0.0.0.0 [100/0] via 2.2.2.2, out2
  pixfirewall(config-if)#
  Regards
  Karthik

• How do you configure router to use a static ip

  I use dynamic broadband internet service, www.dybb.com and I was wondering if there was a way to configure my routers IP address because they gave me a static one and It can't connect to it so could you let me know how to change my routers IP address to match mine?

  Configuring the router for a Static IP address is pretty straight forward. 
  1. First you have to login to the router, by browsing to 192.168.1.1 using Internet explorer
  2. When prompted to login, leave the Username field blank and type "admin" as the password
  3. On the Setup>Basic Setup page, click on the drop down menu next to Internet Setup and select Static IP
  4. Enter all the information your ISP provided you in the appropriate fields, then click Save Settings to apply these changes. 
  If you are having trouble accessing the 192.168.1.1 interface, it may be because your PC is currently configured with the IP address your ISP assigned you.  To change this:
  1. Go to the Start menu, click on Control Panel, then double-click on Network Connections
  2. Right-click on the connection named Local Area Connection and select properties
  3. Highlight Internet Protocol (TCP/IP) from the list in the middle of the Properties window and click then click the button labeled Properties
  4. Change both of the options on the General tab "Obtain xxx Automatically" and then click OK
  5. Click OK once again on the Properties window and then try and access 192.168.1.1 once the status of the Local Area Connection has changed from "Acquiring network address" to "Connected".

• Configuring MPLS VPN using static routing

  Hi,
  I am managed to set up a BGP/MPLS VPN in a laboratory using CS3620 routers running IOS 12.2(3) with ISIS. I am thinking of using static routes among the PE and P routers instead of a IGP. Does anyone know if Cisco routers supports static configuration of LSP? I have tried but could not get it work.

  You can very well run MPLS with static routing in the core, as in Cisco we have to meet 2 criterias to have a MPLS forwarding Table.
  1) Creating the LIB
  This thing lies in having LDP neighborship netween two peers and you have Label bindings.
  This is irrespective of what is the best next hop to reach the advertising peers LDP_ID.
  2) Creating the LFIB
  Now after considering all the Label bindings, the LDP_ID which can be reached out an interface
  as a next hop, those Label bindings get installed in the LFIB.
  So considering the above two points, we have to be careful in static routes
  only for interfaces like Ethernet (Multiaccess Segments).
  As in CEF when you give a static route pointing to an Ethernet Interface, CEF creates a
  GLean Adjacency (Meaning there could be multiple hosts as the next hop on this segement, and it will glean for the right next-hop)
  Now you may observe that when you give a static route only pointing to an Ethernet interface,
  you LDP adjacency may come up and you may exchange the bindings with each other. But the Label Forarding Table is not created. This is bcos of this being a Multiaccess interface. And you have
  Glean For it. If its a Normal WAN interface like Serial or POS, then there is no problem of
  GLean and you would have a Valid Cached Adjacency.
  So to avoid probelems with Ethernet interfaces you can simply specify the next-hop-ip address.
  For Eg: ip route 10.10.31.250 255.255.255.255 10.10.31.226 (Without the Interface)
  ip route 10.10.31.250 255.255.255.255 fa0/0 10.10.31.226 (Or with the Interface)
  Only Difference in both is in the first one it has to do a recursive lookup for the outgoing interface. Otherwise both work well. And you can have static routes in your network
  running MPLS.
  And doing this CEF would would work as it should and you would have a Valid Cached Adjacency.
  So this is applicable for Cisco devices which use CEF, including 6500 with SUP720.
  HTH-Cheers,
  Swaroop

• Need Help for configuring Floating static route in My ASA.

  Hi All,
  I need your support for doing a floating static route in My ASA.
  I have tried this last time but i was not able to make it. But this time i have to Finish it.
  Please find our network Diagram and configuration of ASA
  route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
  route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
  route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
  route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
  route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
  route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
  route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
  route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 10.10.3.77 255.255.255.255 inside
  http 10.10.8.157 255.255.255.255 inside
  http 10.10.3.59 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sla monitor 123
  type echo protocol ipIcmpEcho 8.8.8.8 interface outside
  num-packets 3
  frequency 10
  sla monitor schedule 123 life forever start-time now
  crypto ipsec transform-set cpa esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map vpn_cpa 1 match address acl_cpavpn
  crypto map vpn_cpa 1 set peer a.a.a.a
  crypto map vpn_cpa 1 set transform-set abc
  crypto map vpn_cpa 1 set security-association lifetime seconds 3600
  crypto map vpn_cpa interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  crypto isakmp policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  track 1 rtr 123 reachability
  telnet 10.10.3.77 255.255.255.255 inside
  telnet 10.10.8.157 255.255.255.255 inside
  telnet 10.10.3.61 255.255.255.255 inside
  telnet timeout 500
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics port
  threat-detection statistics protocol
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 10.10.3.14
  webvpn
  tunnel-group .a.a.a.a ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
  inspect sip 
    inspect xdmcp
  service-policy global_policy global
  smtp-server 10.10.5.11
  prompt hostname context
  Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
  : end
  i think half of the configuration stil there in the ASA.
  Diagram.
  Thanks
  Roopesh

  You have missed the last command in your configuration, Please check it again
  route ISP1  0.0.0.0 0.0.0.0 6.6.6.6 track 1
  route ISP2   0.0.0.0 0.0.0.0 3.3.3.3
  sla monitor 10
  type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
  num-packets 3
  frequency 10
  sla monitor schedule 123 life forever start-time now
  track 1 rtr 123 reachability
  You can do NAT in same way, here the logical name of the interface will be different.
  Share the result
  Please rate any helpful posts.