We are facing the following issue.
In the local LAN segment, we normally use 2 public IP pool addresses for PAT (ISP1 & ISP2).
In the normal scenario, all works fine: the ISP1 PAT IP mapped address takes the path ISP1 router -- internet,
and the ISP2 PAT IP mapped address takes the path ISP1 router -- iBGP -- ISP2 router -- internet.
As we are using HSRP from the ASA to the ISP routers, default traffic hits the ISP1 router.
We have floating static routes in place on both routers, so that in case any ISP link goes down, traffic can pass via the other ISP router with the static route.
But when the ISP1 router is powered down, the PAT IP mapped to ISP1 is not able to access the internet, as traffic drops after reaching the alternate ISP router's HSRP address.
The same happens when the ISP2 router is down.
Attached network diagram for easy reference.
In the normal scenario, the HSRP active router will be the one receiving all inside traffic, and it forwards the traffic out after NAT translation. The HSRP standby will be idle because it is standby.
Could you provide the config from both the routers?
I assume the PAT which you are talking about is happening on the Cisco ASA firewall. Since you have the default as the ISP1 router (HSRP active), all traffic would be transiting this router to go outside, be it the ISP1 PAT or the ISP2 PAT address. Only the incoming (inbound) traffic would get load shared (i.e. 54.0/24 will use ISP1 and 55.0/24 would use ISP2).
Now once the ISP1 router goes down, the advertised prefix 54.0/24 would be removed from the global internet and the traffic going to/from 54.0/24 would be affected, because the internet is not aware of 54.0/24 anymore.
To work around this, you can have an advertisement for 54.0/23 <<< on the ISP2 router. Even with this, a few seconds/minutes of downtime may be experienced due to convergence.
PAT is happening on the ASA firewall for both ISPs.
Can you please share the details of the workaround solution mentioned above?
On the ISP2 router, under the BGP process you should have these statements.
router bgp <>
 network 18.104.22.168 mask 255.255.255.0
 network 22.214.171.124 mask 255.255.254.0 <<< this would work as backup
The recommendation would be to have this additional statement on both routers. Please check if it's there already.
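The effect of the backup /23 advertisement suggested above can be checked with a small longest-prefix-match model. This is an added example, not part of the thread or of anyone's router configuration; the 10.20.x.x prefixes are constructed stand-ins for the two PAT pools (the thread only shows "54.0/24" and "55.0/24"), and the model covers only which router return traffic from the internet enters through.

```python
import ipaddress

# Constructed stand-ins for the two PAT pools and the covering aggregate.
ISP1_POOL = ipaddress.ip_network("10.20.54.0/24")
ISP2_POOL = ipaddress.ip_network("10.20.55.0/24")
BACKUP_AGG = ipaddress.ip_network("10.20.54.0/23")  # covers both /24 pools


def internet_table(isp1_up, isp2_up, backup_aggregate):
    """Routes the internet sees: each live router announces its own /24,
    plus the /23 when the backup statement is configured on it."""
    routes = []
    for up, pool, name in ((isp1_up, ISP1_POOL, "ISP1"),
                           (isp2_up, ISP2_POOL, "ISP2")):
        if not up:
            continue  # a powered-down router withdraws everything it announced
        routes.append((pool, name))
        if backup_aggregate:
            routes.append((BACKUP_AGG, name))
    return routes


def return_path(dst, routes):
    """Longest-prefix match: router(s) through which return traffic for dst
    enters. An empty list means the prefix is unknown and traffic is dropped."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in routes if addr in net]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted({via for net, via in matches if net.prefixlen == best})


if __name__ == "__main__":
    pat1, pat2 = "10.20.54.10", "10.20.55.10"  # constructed PAT addresses
    cases = [
        ("all up, /23 configured", internet_table(True, True, True)),
        ("ISP1 down, no /23", internet_table(False, True, False)),
        ("ISP1 down, /23 configured", internet_table(False, True, True)),
        ("ISP2 down, /23 configured", internet_table(True, False, True)),
    ]
    for label, table in cases:
        print(f"{label:28} ISP1 pool via {return_path(pat1, table)}, "
              f"ISP2 pool via {return_path(pat2, table)}")
```

While both routers are up the more specific /24 wins, so inbound load sharing is unchanged; the /23 only carries traffic once the matching /24 has been withdrawn.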
You can use the ISP2 router as a backup path to network 126.96.36.199
ip access-list 1 permit 188.8.131.52
match ip address 1
set as-path prepend