VRF + PBR + HSRP = TTL Expiry

Hi All,

I have the following network layout uploaded here: diagram. Simplified router configurations:

[CE1] http://pastebin.com/GsyEPmg1

[CE2] http://pastebin.com/ers1rNxW

I'm running constant pings to Server B (192.168.10.1) from Server A (192.168.1.1), as well as to the internet (8.8.8.8). When the CE1 router is the HSRP active one (standby group for both the LAN-facing and the ISP-facing interfaces), all traffic routes normally with no issues. When I make the CE2 router active on the ISP side (10.0.0.0/24 network), all traffic routes normally. When I make the CE2 router active on the LAN side (192.168.1.0), I start getting TTL expired messages when pinging Server B. Pings to 8.8.8.8 route normally.

The question is: why am I getting TTL expired messages when trying to route while CE2 is the active member of the HSRP LAN group?

What I tried:

  1. When I route directly to a CE2 IP address (192.168.1.22) I have no problems (no TTL expiration).

  2. In the route-map definition I tried the following:

    set vrf L-LAN

    set ip default vrf L-LAN next-hop 192.168.1.254

    set ip default global next-hop 192.168.1.254

and combinations of these.

  3. Removing the policy map from the interface fixes the issue with routing to Server B (obviously that disables default traffic going to the ASA).

  4. Changing the set ip next-hop address to go to the SonicWall makes no difference.

CE2 can reach both ISP1 and ISP2 routers via their HSRP or local addresses.

"show standby" shows all the expected information (active and standby routers, etc.).

The Cisco ASA has one static route: 192.168.10.0/24 via 192.168.1.23.

Any ideas what else to check?

IOS revisions: Cisco 2921 IOS 15.4(3)M6, Cisco 1921 IOS 15.2(4)M2
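The post turns on two pieces of PBR semantics that are easy to conflate: `set ip next-hop` bypasses the routing table entirely, while `set ip default next-hop` is used only when the table has nothing better than a default route, and `set vrf` changes which table that check consults. The Python model below is an added example (not from the post, and not a reproduction of the poster's CE1/CE2 configs, which are only on pastebin): the topology, node names, the ASA's static route back to the CE and the VRF table named `L-LAN` are all constructed assumptions loosely modelled on the addresses in the post. It walks one packet hop by hop, applying the policy on the ingress interface before the routing lookup, and shows how a policy that keeps handing Server B-bound traffic to a firewall whose static route points back at the router produces exactly the "TTL expired" symptom rather than a drop.

```python
"""Toy forwarding model for PBR + VRF + TTL on a constructed topology.

Added example, not the poster's configuration: node names, tables and
addresses are assumptions loosely modelled on the post (LAN 192.168.1.0/24,
Server B on 192.168.10.0/24, an ASA on the LAN with a static route for
Server B's network pointing back at the CE router).
"""
import ipaddress

CONNECTED = "CONNECTED"


def net(prefix):
    return ipaddress.ip_network(prefix)


class Node:
    def __init__(self, name, addr=None, tables=None, pbr=None):
        self.name = name
        self.addr = ipaddress.ip_address(addr) if addr else None  # hosts only
        # tables: {vrf_name: {prefix: next-hop node name, or None if connected}}
        self.tables = tables or {}
        # pbr: {"ingress": {neighbour names the policy is applied to},
        #       "match_src": prefix, "mode": "next-hop" | "default next-hop",
        #       "next_hop": node name, "vrf": table to consult (optional)}
        self.pbr = pbr


def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    best = None
    for prefix, nh in table.items():
        n = net(prefix)
        if dst in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, nh)
    return best


def decide(node, src, dst, ingress):
    """Next hop for one packet arrival. PBR is evaluated on the ingress
    interface before the routing table; 'set vrf' only changes which table
    the fallback lookup (and the 'default next-hop' check) consults."""
    vrf = "global"
    p = node.pbr
    if p and ingress in p["ingress"] and src in net(p["match_src"]):
        vrf = p.get("vrf", vrf)
        if p["mode"] == "next-hop":
            return p["next_hop"]              # routing table never consulted
        r = lookup(node.tables[vrf], dst)
        if r is None or r[0].prefixlen == 0:  # nothing better than a default route
            return p["next_hop"]
    r = lookup(node.tables[vrf], dst)
    if r is None:
        return None
    return CONNECTED if r[1] is None else r[1]


def forward(topo, src_name, dst_ip, ttl=64):
    """Walk one packet hop by hop. Returns (outcome, path)."""
    src, dst = topo[src_name].addr, ipaddress.ip_address(dst_ip)
    cur, prev, path = src_name, None, [src_name]
    while True:
        node = topo[cur]
        if node.addr == dst:
            return "delivered", path
        nh = decide(node, src, dst, prev)
        if nh == CONNECTED:   # resolve the directly attached destination host
            nh = next((n for n in topo if topo[n].addr == dst), None)
        if nh is None:
            return f"dropped at {cur}: no route", path
        if node.addr is None:                 # routers decrement TTL, hosts do not
            ttl -= 1
            if ttl == 0:
                return f"TTL expired at {cur}", path
        prev, cur = cur, nh
        path.append(cur)


def build(pbr_mode, pbr_vrf=None):
    """Constructed topology (assumption, not taken from the post)."""
    pbr = {"ingress": {"ServerA", "ASA"}, "match_src": "192.168.1.0/24",
           "mode": pbr_mode, "next_hop": "ASA"}
    if pbr_vrf:
        pbr["vrf"] = pbr_vrf
    return {
        "ServerA": Node("ServerA", "192.168.1.1", {"global": {"0.0.0.0/0": "CE"}}),
        "ServerB": Node("ServerB", "192.168.10.1", {"global": {"0.0.0.0/0": "ISP"}}),
        "Internet": Node("Internet", "8.8.8.8", {"global": {}}),
        "CE": Node("CE", tables={
            "global": {"192.168.1.0/24": None, "10.0.0.0/24": None,
                       "192.168.10.0/24": "ISP", "0.0.0.0/0": "ISP"},
            # assumed VRF table that knows only a default route
            "L-LAN": {"0.0.0.0/0": "ISP"}}, pbr=pbr),
        # ASA: static route for Server B's network pointing back at the CE
        "ASA": Node("ASA", tables={"global": {
            "192.168.1.0/24": None, "192.168.10.0/24": "CE", "0.0.0.0/0": "Internet"}}),
        "ISP": Node("ISP", tables={"global": {
            "10.0.0.0/24": None, "192.168.10.0/24": None, "0.0.0.0/0": "Internet"}}),
    }


if __name__ == "__main__":
    for mode, vrf in (("next-hop", None), ("default next-hop", None),
                      ("default next-hop", "L-LAN")):
        for dst in ("192.168.10.1", "8.8.8.8"):
            outcome, path = forward(build(mode, vrf), "ServerA", dst)
            print(f"{mode:18} vrf={vrf!s:6} -> {dst}: {outcome}; {' > '.join(path[:6])}")
```

Running it shows three behaviours: with `set ip next-hop` the packet to 192.168.10.1 bounces CE, ASA, CE, ASA until the TTL runs out, while 8.8.8.8 is delivered through the ASA; with `set ip default next-hop` in the global table the specific 192.168.10.0/24 route wins and the packet goes straight out via the ISP; with the same `default next-hop` policy but `set vrf L-LAN`, the VRF table has only a default route, so the "no specific route" test passes, the ASA gets the packet and the loop returns. The model does not diagnose the poster's network (their `set ip default` variants already fail), but the same hop-by-hop walk, with the real tables from `show ip route` and `show ip route vrf L-LAN` on CE2 and the ASA, is the check to run: the loop has to be visible as a pair of nodes that keep choosing each other.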
