
Multiple ISP PAT IP Issue

Hi,

We are facing an issue.

In the local LAN segment, we normally use 2 public IP pool addresses for PAT (ISP1 & ISP2).

In the normal scenario, all works fine: the ISP1 PAT IP mapped address takes the path ISP1 router -- internet, and
the ISP2 PAT IP mapped address takes the path ISP1 router -- IBGP -- ISP2 router -- internet.

As we are using HSRP from the ASA to the ISP routers, default traffic hits the ISP1 router.

We have a floating static route in place on both routers, so that in case of any ISP link down, traffic can pass via the other ISP router with the static route.

Problem:
----------
But when the ISP1 router is powered down, the PAT IP mapped with ISP1 is not able to access the internet, as it drops after reaching the alternate ISP router HSRP address.
The same happens with the ISP2 router down also.

Please guide.

Attached Network diagram for easy ref.

5 REPLIES
Cisco Employee

Hi

In the normal scenario, the HSRP active router will be the one receiving all inside traffic and forwards the traffic out after NAT translation. The HSRP standby will be idle because it is standby.

Could you provide the  config from both the routers?

Thank you

Raju

Cisco Employee

Hi,

I assume the PAT which you are talking about is happening on the Cisco ASA firewall. Since you have the default as the ISP1 router (HSRP active), all traffic would be transiting this router to go outside, be it ISP1 PAT or ISP2 PAT address. Only the incoming (inbound) traffic would get load shared (i.e. 54.0/24 would use ISP1 and 55.0/24 would use ISP2).

Now once the ISP1 router goes down, the advertisement prefix 54.0/24 would be removed from the global internet and the traffic going to/from 54.0/24 would be affected, because the internet is not aware of 54.0/24 anymore.

To work around this, you can have an advertisement for 54.0/23 <<< on the ISP2 router. Even with this, a few seconds/minutes of downtime may be experienced due to convergence.

Thanks,

Sudeep


Hi,

PAT is happening on ASA firewall for both the ISP.

Can you please share the details of the workaround solution mentioned above?

thanks,


Hi,

On the ISP2 router, under the BGP process you should have these statements.

router bgp <>
 network 72.31.55.0 mask 255.255.255.0
 network 72.31.54.0 mask 255.255.254.0  <<< this would work as backup

Recommendation would be to have this additional statement on both routers. Please check if it's there already.

Regards,

Sudeep Valengattil

Rising star

Hi,

You can use the ISP2 router as a backup path to network 72.31.54.0.

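! numbered standard ACL matching the ISP1 block
access-list 1 permit 72.31.54.0
!
! prepend the AS path on the backup advertisement of that block
route-map setpath
 match ip address 1
 set as-path prepend
!
router bgp
 net 72.31.55.0
 net 72.31.54.0
 neighbor remote-as
 neighbor route-map setpath out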


http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml

Best regards,
Abzal
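
Added example, not part of any reply in this thread: a small Python model of how the Internet would pick the inbound path for an ISP1 PAT address under the two backup schemes suggested above (a covering 72.31.54.0/23 from the ISP2 router, or the same /24 from ISP2 with a prepended AS path). The PAT host address and the AS-path lengths are constructed for illustration.

```python
import ipaddress

# Constructed model of what the Internet hears from each edge router.
# AS-path lengths are illustrative assumptions, not values from the thread.
def announcements(covering_23=False, prepended_24=False):
    routes = [
        ("ISP1", "72.31.54.0/24", 1),
        ("ISP2", "72.31.55.0/24", 1),
    ]
    if covering_23:    # backup /23 originated on the ISP2 router
        routes.append(("ISP2", "72.31.54.0/23", 1))
    if prepended_24:   # same /24 from ISP2, made less attractive by prepending
        routes.append(("ISP2", "72.31.54.0/24", 4))
    return [(rtr, ipaddress.ip_network(pfx), plen) for rtr, pfx, plen in routes]

def inbound_path(dst, routes, down=()):
    """Return the router that attracts traffic for dst, or None if unreachable."""
    addr = ipaddress.ip_address(dst)
    live = [(rtr, net, plen) for rtr, net, plen in routes
            if rtr not in down and addr in net]
    if not live:
        return None
    # Longest prefix wins first; AS-path length only breaks ties
    # between announcements of the same prefix length.
    best = max(live, key=lambda r: (r[1].prefixlen, -r[2]))
    return best[0]

PAT_ISP1 = "72.31.54.10"   # constructed PAT address inside the ISP1 block
PAT_ISP2 = "72.31.55.10"   # constructed PAT address inside the ISP2 block

if __name__ == "__main__":
    schemes = [("no backup", {}),
               ("covering /23 on ISP2", {"covering_23": True}),
               ("prepended /24 on ISP2", {"prepended_24": True})]
    for label, kw in schemes:
        r = announcements(**kw)
        print(f"{label:24} normal={inbound_path(PAT_ISP1, r)} "
              f"ISP1 down={inbound_path(PAT_ISP1, r, down={'ISP1'})}")
```

With the backup only on the ISP2 router, the ISP2 block is still unreachable when ISP2 fails, which is why the reply above recommends the extra statement on both routers. On IOS, a `network` statement only originates the prefix if an exact-match route for it exists in the routing table.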