Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1015
Views
0
Helpful
5
Replies

Multiple ISP PAT IP Issue

accenture-bang2
Level 1
Level 1

‎11-11-2012 04:00 AM - edited ‎03-04-2019 06:06 PM

Hi,

We are facing the issue,

In Local LAN segment, we normally using 2 Public IP pool address for PAt ( ISP1 & ISP2),

In normal scenario, all works fine, ISP1 PATIP mapped address take path of ISP1 router --internet
ISP2 PATIP mapped address take path of ISP1 router--IBGP--ISP2 router --internet

As we are using HSRP from ASA to ISP router, default traffic hitting ISP1 router.

we have flocating static route in place in both the router in case of any ISP link down, traffic can pass via other ISP router with static route.

problem:
----------
But, when ISP1 router is power down, PAT IP mapped with ISP 1 is not able to access internet as it drop after reach alternate ISP router HSRP address
same happen with ISP2 router down also..

Pls guide

Attached Network diagram for easy ref.

Labels:
Preview file
62 KB
0 Helpful
5 Replies 5

Raju Sekharan
Cisco Employee
Cisco Employee

‎11-11-2012 06:10 AM

Hi

In normal scanario, the HSRP active router will be the one receiving all inside traffic and does forward the traffic out after NAT translation. HSRP standbybe idle becuase it is standby

Could you provide the  config from both the routers?

Thank you

Raju

0 Helpful

Sudeep Valengattil
Cisco Employee
Cisco Employee

‎11-11-2012 08:07 PM

Hi,

I assume the PAT which you are talking about is happing on Cisco ASA firewall.  Since you have the default as ISP1 router (HSRP active), all traffic would be transiting this router to go outside, be it ISP1 PAT or ISP2 PAT address.  Only the Incoming (inbound) traffic would get load shared (ie 54.0/24 will use ISP1 and 55.0/24) would use ISP2.

Now once the ISP1 router goes down, the advertisement prefix 54.0/24 would be removed from the Global internet and the traffic going to/from 54.0/24 would be affected.  Bcoz internet is not aware of 54.0/24 anymore.

To workaround this, u can have a advertisement for 54.0/23 <<< on ISP2 router.  Even with this, a few seconds/minutes of downtime may be experience due to convergence.

Thanks,

Sudeep

0 Helpful

accenture-bang2
Level 1
Level 1
In response to Sudeep Valengattil

‎11-11-2012 10:21 PM

Hi,

PAT is happening on ASA firewall for both the ISP.

Can you pls share the details of the workaround solution mentioned above.

thanks,

0 Helpful

Sudeep Valengattil
Cisco Employee
Cisco Employee
In response to accenture-bang2

‎11-11-2012 10:28 PM

Hi,

On the ISP2 router, under BGP process u should have these statments.

router bgp <>

network  72.31.55.0 mask 255.255.255.0

network 72.31.54.0 mask 255.255.254.0  <<< this would work as backup

Recommedation would be to have this additional statement on both routers.  Please check if its there already.

Regards,

Sudeep Valengattil

0 Helpful

Abzal
Level 7
Level 7

‎11-11-2012 10:45 PM

Hi,

You can use ISP2 router as backup path to network 72.31.54.0

ip access-list 1 permit 72.31.54.0

route-map setpath

match ip address 1

set as-path prepend

router bgp

net 72.31.55.0

net 72.31.54.0

neighbor remote-as

neighbor route-map setpath out

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml

Best regards,
Abzal
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card