Thursday, February 23, 2017

Cisco IOS (SLA / Track / default route change). Using an alternative default route on the fly.

Many branches were configured with only a default route to the `master` ASA and no other routes (a so-called stub network). When migrating from the old ASA to the new one, I needed to make this migration `painless` (minimal downtime).
These are the steps to change the default routes on the routers:
#configure SLA:
#ping default-gateway
ip sla 1
 icmp-echo 172.16.0.8
exit
ip sla schedule 1 life forever start-time now
#configure tracker of this SLA:
track 1 ip sla 1 reachability
#configure main route with track number 1:
ip route 0.0.0.0 0.0.0.0 172.16.0.8 track 1
#delete old default route:
no ip route 0.0.0.0 0.0.0.0 172.16.0.8
#add backup route with higher metric:
ip route 0.0.0.0 0.0.0.0 172.16.0.8 10

When the main route is unreachable, the backup route with metric 10 will be used.
After finishing the migration, we can completely remove the old route and add the new route with the default metric:
ip route 0.0.0.0 0.0.0.0 172.16.0.8
After issuing this command, the route with metric 10 is automatically removed.

Then, on the old ASA, deny all needed protocols for the migrating router. In my environment:
access-list regions.acl line 1 extended deny esp host <needed-IP> any
access-list regions.acl line 1 extended deny ip host <needed-IP> any
access-list regions.acl line 1 extended deny icmp host <needed-IP> any
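
A fuller version of the router-side configuration above, as an added example that is not from the original post: it sets explicit probe timers and a track delay so that a single lost ping does not flip the default route, and lists the show commands that confirm which route is installed. `<old-ASA-IP>` and `<new-ASA-IP>` are placeholders, and the timer values are assumptions to tune per site.

```cisco
! Added example; <old-ASA-IP>/<new-ASA-IP> are placeholders, timers are assumed values.
! Probe the current default gateway every 5 s instead of the default 60 s.
! Order matters: threshold <= timeout <= frequency must hold after each line.
ip sla 1
 icmp-echo <old-ASA-IP>
 threshold 500
 timeout 1000
 frequency 5
exit
ip sla schedule 1 life forever start-time now
!
! Track the probe; wait 10 s before declaring it down and 30 s before
! declaring it up again, so a brief loss does not flap the default route.
track 1 ip sla 1 reachability
 delay down 10 up 30
exit
!
! Primary default route, installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 <old-ASA-IP> track 1
! Floating backup: the trailing 10 is the administrative distance
! (the "metric" in the text above), so it is used only when the
! primary route is withdrawn.
ip route 0.0.0.0 0.0.0.0 <new-ASA-IP> 10
end
!
! Verify from exec mode before and after blocking the router on the old ASA:
show ip sla statistics 1
show track 1
show ip route 0.0.0.0
!
! Once the migration is final, remove the tracked route and the probe:
configure terminal
 no ip route 0.0.0.0 0.0.0.0 <old-ASA-IP> track 1
 no track 1
 no ip sla 1
end
```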

It's obvious that this is only one step of the migration process, but the other steps were more obvious to me than this one.
