11-11-2012 04:00 AM - edited 03-04-2019 06:06 PM
Hi,
We are facing an issue.
In the local LAN segment, we normally use 2 public IP pool addresses for PAT (ISP1 & ISP2).
In the normal scenario, all works fine: the ISP1 PAT IP mapped address takes the path ISP1 router -- internet
The ISP2 PAT IP mapped address takes the path ISP1 router -- IBGP -- ISP2 router -- internet
As we are using HSRP from the ASA to the ISP routers, default traffic hits the ISP1 router.
We have floating static routes in place on both routers so that, in case any ISP link is down, traffic can pass via the other ISP router with the static route.
problem:
----------
But when the ISP1 router is powered down, the PAT IP mapped to ISP1 is not able to access the internet, as the traffic is dropped after it reaches the alternate ISP router's HSRP address.
The same happens when the ISP2 router is down.
Please guide.
Attached network diagram for easy reference.
11-11-2012 06:10 AM
Hi
In the normal scenario, the HSRP active router will be the one receiving all inside traffic, and it forwards the traffic out after NAT translation. The HSRP standby will be idle because it is standby.
Could you provide the config from both the routers?
Thank you
Raju
11-11-2012 08:07 PM
Hi,
I assume the PAT which you are talking about is happening on the Cisco ASA firewall. Since you have the default as the ISP1 router (HSRP active), all traffic would be transiting this router to go outside, be it the ISP1 PAT or the ISP2 PAT address. Only the incoming (inbound) traffic would get load shared (i.e. 54.0/24 would use ISP1 and 55.0/24 would use ISP2).
Now once the ISP1 router goes down, the advertisement for prefix 54.0/24 would be removed from the global internet and the traffic going to/from 54.0/24 would be affected, because the internet is not aware of 54.0/24 anymore.
To work around this, you can have an advertisement for 54.0/23 <<< on the ISP2 router. Even with this, a few seconds/minutes of downtime may be experienced due to convergence.
Thanks,
Sudeep
11-11-2012 10:21 PM
Hi,
PAT is happening on the ASA firewall for both ISPs.
Can you please share the details of the workaround solution mentioned above?
Thanks,
11-11-2012 10:28 PM
Hi,
On the ISP2 router, under the BGP process you should have these statements.
router bgp <>
network 72.31.55.0 mask 255.255.255.0
network 72.31.54.0 mask 255.255.254.0 <<< this would work as backup
The recommendation would be to have this additional statement on both routers. Please check if it's there already.
Regards,
Sudeep Valengattil
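Added example, not part of any post in this thread: a small Python model of why the extra /23 statement restores reachability, using longest-prefix match over the prefixes quoted above. The host addresses, function names and the "up routers" sets are constructed for illustration, and BGP attributes other than prefix length are ignored.

```python
import ipaddress

# Prefixes taken from the thread; each router originates its own /24.
OWN_PREFIX = {"ISP1": "72.31.54.0/24", "ISP2": "72.31.55.0/24"}
# Covering aggregate suggested as the backup advertisement.
AGGREGATE = "72.31.54.0/23"


def visible_routes(up_routers, aggregate=False):
    """Routes the internet sees, as (network, origin) pairs.

    up_routers: set of router names that are powered on (constructed input).
    aggregate:  True if every router also advertises the /23.
    """
    routes = []
    for name in sorted(up_routers):
        routes.append((ipaddress.ip_network(OWN_PREFIX[name]), name))
        if aggregate:
            routes.append((ipaddress.ip_network(AGGREGATE), name))
    return routes


def best_origin(routes, address):
    """Longest-prefix match: the most specific covering route wins.

    Returns the originating router, or None when no route covers the
    address, which is the case where return traffic never arrives.
    """
    addr = ipaddress.ip_address(address)
    covering = [(net, origin) for net, origin in routes if addr in net]
    if not covering:
        return None
    return max(covering, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    pat_isp1 = "72.31.54.10"  # constructed PAT address in the ISP1 pool
    cases = [
        ("both up, /24 only", {"ISP1", "ISP2"}, False),
        ("ISP1 down, /24 only", {"ISP2"}, False),
        ("ISP1 down, /23 backup", {"ISP2"}, True),
        ("both up, /23 backup", {"ISP1", "ISP2"}, True),
    ]
    for label, up, agg in cases:
        origin = best_origin(visible_routes(up, agg), pat_isp1)
        print(f"{label:24} -> return path via {origin}")
```

On IOS, a `network ... mask` statement only originates the /23 when an exact-match route for it exists in the router's routing table, so check for that route when verifying the advertisement.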
11-11-2012 10:45 PM
Hi,
You can use ISP2 router as backup path to network 72.31.54.0
ip access-list 1 permit 72.31.54.0
route-map setpath
match ip address 1
set as-path prepend
router bgp
net 72.31.55.0
net 72.31.54.0
neighbor
neighbor
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml