Question : Trouble setting up redundant ISP link on ASA5510

Hi all, I'm new to Cisco ASA's (using primarily ASDM, don't shoot me!), so bear with me.

I am trying to set it up so my redundant ISP (Cable) would failover should my T1 go down. I followed the following link - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml instructions.

When I tested, the route appeared to switch over as expected, but I don't get internet connectivity, and the log reveals the following errors,

"3 Jul 07 2010 19:00:30      305006 67.192.133.244 443 portmap translation creation failed for tcp src inside:192.168.1.141/3033 dst backup:67.192.133.244/443"

with various internal and external IPs, but the key thing being the numerous portmap failures.

Any help appreciated.  Attached is my running config, which I believe is what would be most useful, from what I've seen?
Result of the command: "show running-config"

: Saved
:
ASA Version 8.0(4) 
!
hostname ciscoasa
domain-name ifsa.local
enable password 4gGlf8Tkjp2soeYb encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 24.38.85.142 255.255.255.248 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.29 255.255.255.0 
!
interface Ethernet0/2
 nameif backup
 security-level 0
 ip address 96.57.46.76 255.255.255.248 
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.1.30
 domain-name ifsa.local
object-group service DSClient tcp
 port-object range 4401 4404
access-list outside_2_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.150.16 255.255.255.240 
access-list outside_3_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.137.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.150.16 255.255.255.240 
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.137.0 255.255.255.0 
access-list outside_access_in extended permit icmp any any 
access-list outside_access_in extended permit tcp any any object-group DSClient log debugging inactive 
pager lines 24
logging enable
logging asdm informational
logging mail emergencies
logging from-address [email protected]
logging recipient-address [email protected] level errors
mtu outside 1500
mtu inside 1500
mtu backup 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 24.38.85.141 1 track 1
route backup 0.0.0.0 0.0.0.0 96.57.46.73 254
route inside 192.168.10.0 255.255.255.0 192.168.1.253 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho 24.38.85.141 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set peer 64.54.67.9 
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 1 set security-association lifetime seconds 28800
crypto map outside_map0 1 set security-association lifetime kilobytes 4608000
crypto map outside_map0 2 match address outside_2_cryptomap
crypto map outside_map0 2 set peer 79.119.54.194 
crypto map outside_map0 2 set transform-set ESP-3DES-SHA
crypto map outside_map0 2 set security-association lifetime seconds 28800
crypto map outside_map0 2 set security-association lifetime kilobytes 4608000
crypto map outside_map0 3 match address outside_3_cryptomap
crypto map outside_map0 3 set peer 61.41.125.142 
crypto map outside_map0 3 set transform-set ESP-3DES-SHA
crypto map outside_map0 3 set security-association lifetime seconds 28800
crypto map outside_map0 3 set security-association lifetime kilobytes 4608000
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
track 1 rtr 123 reachability
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
dhcpd dns 192.168.1.30
!
dhcpd dns 192.168.1.30 interface inside
dhcpd wins 192.168.1.30 interface inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server inside 192.168.1.45 ASA_
tunnel-group 64.54.67.9 type ipsec-l2l
tunnel-group 64.54.67.9 ipsec-attributes
 pre-shared-key *
tunnel-group 79.119.54.194 type ipsec-l2l
tunnel-group 79.119.54.194 general-attributes
tunnel-group 79.119.54.194 ipsec-attributes
 pre-shared-key *
tunnel-group 61.41.125.142 type ipsec-l2l
tunnel-group 61.41.125.142 ipsec-attributes
 pre-shared-key *
tunnel-group 64.54.67.9 type ipsec-l2l
tunnel-group 64.54.67.9 general-attributes
tunnel-group 64.54.67.9 ipsec-attributes
 pre-shared-key *
!
!
prompt hostname context 
Cryptochecksum:36fcba42a2c272a8d6bc0c81e9a040aa
: end

Answer : Trouble setting up redundant ISP link on ASA5510

Simply add the following. Use the command line tool in the ASDM:

global (backup) 101 interface

done.
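The 305006 message names `dst backup` because `nat (inside) 101` has a matching `global` only on `outside`, so traffic leaving via the backup default route has no PAT pool. The following check is an added example, not part of the original answer: it scans a pre-8.3 style config (the `nat`/`global` syntax of the ASA 8.0(4) config above) for that gap. The function name `missing_globals` is hypothetical, and the sample input is constructed from the NAT and route lines in the question.

```python
import re

# Constructed sample: the NAT and routing lines from the running-config above.
SAMPLE_CONFIG = """\
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 24.38.85.141 1 track 1
route backup 0.0.0.0 0.0.0.0 96.57.46.73 254
route inside 192.168.10.0 255.255.255.0 192.168.1.253 1
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
DEFAULT_ROUTE_RE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 ")


def missing_globals(config_text):
    """Return sorted (egress_interface, nat_id) pairs that have no global pool.

    For every interface carrying a default route, each non-zero NAT ID used by
    a `nat` statement on another interface needs `global (<egress>) <id> ...`.
    NAT ID 0 is the NAT exemption and needs no global.
    """
    nats, globals_, egress = set(), set(), set()
    for line in config_text.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            if m.group(2) != "0":
                nats.add((m.group(1), m.group(2)))
        elif m := GLOBAL_RE.match(line):
            globals_.add((m.group(1), m.group(2)))
        elif m := DEFAULT_ROUTE_RE.match(line):
            egress.add(m.group(1))
    return sorted(
        (out_if, nat_id)
        for out_if in egress
        for src_if, nat_id in nats
        if src_if != out_if and (out_if, nat_id) not in globals_
    )


if __name__ == "__main__":
    for out_if, nat_id in missing_globals(SAMPLE_CONFIG):
        print(f"missing: global ({out_if}) {nat_id} interface")
```

Run against the config as posted, it reports the `backup` interface for NAT ID 101; once the `global (backup) 101 interface` line from the answer is present, it reports nothing.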