Gateway of last resort and PAT

slee
Level 1

Hello,

I have a beginner-ish question. Currently, we have 2 ISPs going into our router, Comcast and Sprint. Our gateway of last resort is set to Comcast. Our users are also accessing the internet via PAT, with a Comcast IP address. If I change the gateway of last resort to Sprint, what effect will that have on the users? Will they still send traffic through the Comcast line, since that's the address that they are assigned, or will they be sending traffic out through Sprint?


Richard Burts
Hall of Fame

Scott

You have not provided much detail about the topology of your network or how it is configured. So we must make assumptions. To the extent that our assumptions are correct our suggestions to you will be valid. But to the extent that our assumptions are flawed then our suggestions to you will also be flawed.

So I am assuming that the hosts in your network are assigned private IP addressing. And I am assuming that the hosts in your network are configured to use the router that you mention as their default gateway. And I am assuming that the router has been configured to do address translation (PAT) using the Comcast address. And I am assuming that there is no address translation configured for traffic that uses the Sprint connection.

Given these assumptions the users will continue to forward their Internet traffic to the router as their default gateway. The router will attempt to forward the user traffic using the Sprint connection.  Since there does not appear to be any address translation configured on the Sprint connection then the user traffic using the Sprint connection will fail since the source address will be the private address.

If any of my assumptions are not correct then please provide clarification.

HTH

Rick


Hi Richard,

Thanks for the reply.  Sorry, I know it's kind of vague.  Our network is set up thus:

Internet - Router - Firewall - Internal.  On the router, we have route-maps set up for 3 Internal ranges, that are then PATed to Sprint IPs. One route-map is set up for a range that is PATed to Comcast IPs, but that internal subnet may no longer be in use.  In any case, the user and server VLANs are PATed to Sprint IPs.  So, I suppose my question is moot. 

When someone has a NATed or PATed external IP address, the gateway of last resort will still come into play when connecting to a website, correct? These questions are because we recently changed the endpoint of our remote access VPN (on our ASA) onto an IP from a different ISP, but the gateway of last resort needs to be changed to this new ISP so that the ASA can send the return packets. I'm just unsure what effect that will have on the rest of the traffic. Policy based routing is available to use to send VPN traffic through this new ISP, and all other traffic gets sent through our old ISP, correct?

Hi Scott,

For inside NAT, routing is always done first, before NAT, and yes, you could use PBR to send traffic to the newest ISP next-hop.

Regards.

Alain

Don't forget to rate helpful posts.
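
The behaviour described in the replies above, as an added IOS configuration example (not taken from the thread or from any poster's router): because the route lookup happens before inside-source NAT, each PAT rule is tied to its egress interface with a route-map, and PBR on the inside interface steers only the VPN endpoint's traffic to the new ISP. Interface names, ACL and route-map names, and all addresses (documentation ranges) are assumptions.

```cisco
! Constructed example. Names are hypothetical, addresses are documentation ranges.
!   ISP-A (existing default): Gi0/0, next hop 192.0.2.1
!   ISP-B (new ISP):          Gi0/1, next hop 198.51.100.1
!   Inside (toward firewall): Gi0/2, users in 10.10.0.0/16
!   ASA VPN endpoint (public address from ISP-B, assumed): 198.51.100.10
!   ip address lines are omitted.
!
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat outside
interface GigabitEthernet0/2
 ip nat inside
 ip policy route-map PBR-VPN
!
! Gateway of last resort stays on ISP-A for everything PBR does not match.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
ip access-list extended INSIDE-USERS
 permit ip 10.10.0.0 0.0.255.255 any
ip access-list extended VPN-ENDPOINT
 permit ip host 198.51.100.10 any
!
! One NAT route-map per ISP. "match interface" is evaluated against the
! egress interface chosen by routing, so the PAT address follows the route.
route-map NAT-ISP-A permit 10
 match ip address INSIDE-USERS
 match interface GigabitEthernet0/0
route-map NAT-ISP-B permit 10
 match ip address INSIDE-USERS
 match interface GigabitEthernet0/1
!
ip nat inside source route-map NAT-ISP-A interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP-B interface GigabitEthernet0/1 overload
!
! PBR: only packets sourced from the VPN endpoint go to ISP-B.
! That address is already public, so neither NAT rule matches it.
route-map PBR-VPN permit 10
 match ip address VPN-ENDPOINT
 set ip next-hop 198.51.100.1
```

With both NAT rules present, moving the default route to ISP-B changes the translated source address along with the path, which avoids the untranslated private source described in Rick's reply. `show ip nat translations` and `show route-map` confirm which rule and policy traffic is matching.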
