Hi,
We have a router with two ISP links terminated on it. Each ISP has given a small pool of static IPs.
[inside users vlan 10,20,30]---> ASA ( NAT,PAT - ISP1 pool / ISP2 pool) -------> Router ( PBR, conditional NAT) -----> ISP1 link and ISP2 link.
As of now there is a single ISP and all the traffic is by default routed to the ISP1 link. PATing of the packets' source IP to one of the ISP1 pool IPs is done by the ASA, which is behind this router.
Now we need one particular user subnet to use the ISP2 link to access the internet. The corresponding NAT is done in the ASA by using an access-list to match that particular source VLAN subnet and one static IP from ISP2.
We plan to use PBR in the router to forward the corresponding packets to the ISP2 link (route-map: match the source IP of the packet; if it is from the ISP2 pool then set the next hop to the ISP2 WAN link router). All remaining traffic will take the default route to ISP1.
The route map will logically look like this:
route-map ABCD permit 10
 match ip address <ACL matching source IPs from the ISP2 pool>
 set ip next-hop <ISP2 side router IP>
Apply the policy based routing to packets arriving on the Ethernet interface:
interface FastEthernet0/1
 ip policy route-map ABCD
The next condition is: if the second ISP link is down we need to forward all packets to the ISP1 link.
We need to NAT the packets that have a source IP from the ISP2 pool (done by the ASA) to one IP from the ISP1 pool and then send these packets to the ISP1 link.
Logically it will look something like this:
If --> ISP2 link is down, then
Packets with a source IP from the ISP2 pool --> NAT / PAT with one of the static IPs from the ISP1 pool,
and then --> forward these packets to the ISP1 link.
When the ISP2 link comes back ---> don't perform this conditional NAT but go back to the policy based routing.
Is this conditional NAT possible using object tracking?
Please share your experience.
Thanks in advance!
Subodh
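The design described in the post, written out as an added IOS configuration example (it is not the poster's configuration, and the interface names, ACL and route-map names, IP SLA/track numbers and addresses, taken from the RFC 5737 documentation ranges, are all assumptions). The ISP2 link is tracked with an IP SLA probe; the PBR route-map sets the ISP2 next hop only while the track is up, so packets fall back to the routing table (default route to ISP1) when ISP2 is down; and a NAT route-map that matches both the ISP2-pool source ACL and the ISP1 WAN interface translates those packets to a spare ISP1 address only when they actually leave via ISP1. Sources already PATed by the ASA to the ISP1 pool never match the NAT route-map and are routed untouched.

```cisco
! Added example, not the poster's config. Names and addresses are assumptions
! (RFC 5737 documentation ranges): inside 10.0.0.0/30, ISP1 192.0.2.0/29,
! ISP2 198.51.100.0/28. The ISP1 spare address used for fallback PAT is 192.0.2.10.
!
! --- Interfaces ---
interface FastEthernet0/1
 description Inside, toward the ASA outside interface
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ip policy route-map ABCD
!
interface FastEthernet0/0
 description ISP1 WAN (default path)
 ip address 192.0.2.2 255.255.255.248
 ip nat outside
!
interface FastEthernet1/0
 description ISP2 WAN (PBR path only)
 ip address 198.51.100.2 255.255.255.240
!
! Default route to ISP1. ISP2 is only reached through PBR.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! --- Object tracking of the ISP2 link ---
! ICMP probe to the ISP2 peer, sourced from the ISP2 interface so that the
! probe itself cannot leak out via ISP1 when ISP2 is down.
ip sla 1
 icmp-echo 198.51.100.1 source-interface FastEthernet1/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! On older IOS the keyword is "rtr" instead of "ip sla".
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! --- ACL: packets the ASA has already PATed to the ISP2 pool ---
ip access-list extended ISP2-POOL
 permit ip 198.51.100.16 0.0.0.15 any
!
! --- PBR: send ISP2-pool sources to ISP2 only while track 1 is up ---
! When track 1 is down the "set" is skipped and the packet follows the
! routing table, i.e. the default route to ISP1.
route-map ABCD permit 10
 match ip address ISP2-POOL
 set ip next-hop verify-availability 198.51.100.1 10 track 1
!
! --- Conditional NAT: only ISP2-pool sources that egress via ISP1 ---
! "match interface" is evaluated after routing, so this route-map matches
! exactly the packets that PBR could not send to ISP2.
route-map ISP2-TO-ISP1 permit 10
 match ip address ISP2-POOL
 match interface FastEthernet0/0
!
ip nat pool ISP1-SPARE 192.0.2.10 192.0.2.10 prefix-length 29
ip nat inside source route-map ISP2-TO-ISP1 pool ISP1-SPARE overload
!
! --- Clean-up when ISP2 returns ---
! Translations created during the outage stay in the NAT table until they
! age out; this EEM applet flushes them as soon as the track comes back up
! so that new and existing flows go back to the PBR path.
event manager applet ISP2-BACK-UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
```

Two things to check after applying something like this: "show track 1" and "show ip sla statistics 1" confirm the probe is really following the ISP2 link state (a probe destination that is still reachable while the link is degraded gives a false "up"), and "show ip nat translations" during a simulated ISP2 failure should show only ISP2-pool inside addresses being translated to the ISP1 spare address. Note that the "clear ip nat translation *" in the applet drops every active translation on the router, which is acceptable here only because the router otherwise translates nothing; on a router that also does its own NAT, clear only the affected entries instead.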