Re: Dual routers with Zscaler

dodgerfan78 · ‎07-31-2024

Two SDWAN edge routers each with tunnels to Zscaler. All Internet goes over the tunnel to Zscaler. If router1 loses its Internet but its LAN side is still reachable, how do I get Internet traffic to failover to router2's tunnel to Zscaler?

Flavio Miranda · ‎07-31-2024

Hi

Seems to be IPSLA could be one possibility or Enhanced Policy Based Routing (ePBR)

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/iosxe/qualified-cli-command-reference-guide/m-policy-commands.html#GUID-53D709C9-1CD3-4851-9739-5A937E77C7CC

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/epbr-cisco-sdwan.html

dodgerfan78 · ‎07-31-2024

Interesting, might try that. Thanks.

MHM Cisco World · ‎07-31-2024

Zscaler add two routers or only one ?

MHM

dodgerfan78 · ‎07-31-2024

No clue what you mean. 2 SDWAN routers, each has a single tunnel to Zscaler.

MHM Cisco World · ‎07-31-2024

Ok' do you run vrrp?

MHM

Kanan Huseynli · ‎08-01-2024

Hello,

you need either VRRP or routing in service-side.

With VRRP, tracking is available where if SIG fails, primary node (master) decrements priority and due to preemtion secondary node (backup) takes primary role.

With routing details are shared here:

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-zscaler-deploy-guide.html#Routing

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.