Hi All, default route to internet to communicate with the private networks. ISP1s are active through AD and ISP2s are backup via IP SLA. I want to communicate to the AMERICA's server via ASIA's ISP2. When I do a basic static route, everything works fine. But when I do a static route to that host via full mask, I get RTOs. Same with PBR. What seem to be the problem here?
what is your IP SLA tracking, a default route ? And what do RTO's mean in your context, do you have no connectivity at all when you use the static host route, or just lost packets ?
So its failing when you either add a more specfic static or policy route towards the american server via Asia ISP2 path?
I guess when you do this you would most probably be incuring asymetric routing with the return path coming back via Asia ISP1
Can you elaborate on what routing protocols (if any) your are using or is this soley static routing?
How are you trying to connect to the server? What is the server role?
When you static route or PBR are you able to traceroute the path towards this server, Where does it fail?
Can you post you PBR configuration and possible any successful and failed test results you may have?
Basically when I do a traceroute using the less specific route i got
traceroute [server IP]
1 [private gateway]
3 [server name]
that's all i got, i guess mainly because of the "tunnel" it goes to. basically the set up is like 1 subnet to another inside 1 private network, so your packets traverse your immediate gateway then the tunnel then the host. I will try the to trace using the more specific route later. thanks for replying please keep them coming.
Yes im having packet drops when i configure a more specific route(static to
host and pbr).
Thought so too about the possibility of having a problem witht he return
Static routing is all we have.
I am just monitoring through continous pings, its a database one.
I am afraid im not able to traceroute because of the vpn, this is why i am
on the edge of losing hope with this one.
Okay details of you vpn setup - So your vpn is denying traceroute? What kind of vpn is this, Is it possible the vpn security rules are also denying asymmetric routing- Unfortunately without details it would be hard to troubleshoot.
we ASAs before each ISP switch.
im sorry for not being so specific here. i know it would be very hard to troubleshoot with little to nothing details. but what's confusing me is, how come a basic static route with next ip address is working all fine but the more specific route is not?
you mentioned asymmetric routing, what are the configs that might block this kind of routing?
I think it could be various things negating this, more so security/filtering rules applied to upstream routers /Fws etc but without the understanding it would be hard to say.
Are you able to provide any pre-post configuration, traceroute extened ping or debug results?