NAT DIA tracker and two default route

dijix1990 · ‎09-03-2025

I bumped into interested problem (don't know is it normal or not)

I have two isp with two default route
I have nat dia (Direct Traffic from Service VPN like ip nat route vrf 16 0.0.0.0 0.0.0.0 global) with track to google (8.8.8.8)
and today one of my isp did preventive maintenance.

Sla reachability for this isp was timeout but DIA tried to sent traffic via problem providers because def gw was reachable

I thought that if sla has problem traffic not sent to problem link.

Enes Simnica · ‎09-03-2025

@dijix1990 this is a normal behavior and happened to me many times. A track object only influences which route is active in the routing table. It does not control NAT or how the router forwards traffic once a route is chosen.

Ur problem ISP's default route likely stayed active in the routing table because its next-hop gateway was still reachable (Layer 2 was up), even though the SLA to 8.8.8.8 via that ISP failed (Layer 3 was broken). Since the route was active, the NAT rule continued to use it.

and here u have a short config to fix it:

track 10 list boolean and
 object 1 (tracks next-hop ISP gateway)
 object 2 (tracks 8.8.8.8)
ip route 0.0.0.0 0.0.0.0 [ISP-Gateway] track 10

SO u track must check both the ISP gateway and the end-to-end path. Use a single tracked object that requires both to be true.

-Enes
CCNP x2 Enterprise
Your Friendly Networking Ninja

more Cisco?!
more Gym?!

If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!

dijix1990 · ‎09-03-2025

for legacy I also use it, but for sdwan it can't be usable

balaji.bandi · ‎09-03-2025

Can we see more configuration to understand the issue.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

M02@rt37 · ‎09-03-2025

Hello @dijix1990

NAT DiA follows the routing table...and the default route stay up as long as the ISP Gateway is reachable !

So, you need to tie each ISP's default route to a track object driver bye the SLA probe. So, when this probe fails the route will be withdrawn from the RIB and NAT automaticaly switches to your healthy provider.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

dijix1990 · ‎09-03-2025

but we can't use next-hop track for transport interface

Static route tracker cannot be configured for VPN 0

M02@rt37 · ‎09-03-2025

Woooooo sorry. I just see that: !!! this post is in SD-WAN and Cloud Networking

So sorry .... I think you have the good persons here to help you.

Sorry again.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

dijix1990 · ‎09-03-2025

It's not a problem)

MHM Cisco World · ‎09-03-2025

MHM

dijix1990 · ‎09-03-2025

I use DNS Name

MHM Cisco World · ‎09-03-2025

MHM

dijix1990 · ‎09-03-2025

track type is interface the same as in your picture, IP or DNS name doesn't matter because My problem ISP's default route stayed active

MHM Cisco World · ‎09-03-2025

MHM

dijix1990 · ‎09-03-2025

but my track was down when problem was

MHM Cisco World · ‎09-03-2025

MHM