VRF + PBR + HSRP = TTL Expiry

Michal Trembacz

Hi All,

I have the following network layout uploaded here: diagram. Simplified router configurations:



I'm running constant pings to Server B ( from Server A ( as well as to the internet ( When the CE1 router is the HSRP active one (standby group for both LAN- and ISP-facing interfaces), all traffic routes normally with no issues. When I make the CE2 router active on the ISP side ( network), all traffic routes normally. When I make the CE2 router active on the LAN side ( I start getting TTL expired messages when pinging Server B. Pings to route normally.

The question is, why am I getting TTL expired messages when trying to route when CE2 is the active member of the HSRP LAN group?

What I tried:

  1. When I route directly to a CE2 IP address ( I have no problems (no TTL expiration).

  2. In the route-map definition I tried the following:

    set vrf L-LAN

    set ip default L-LAN next-hop

    set ip default global next-hop

and combinations of these.

  3. Removing the policy map from the interface fixes the issue with routing to Server B (obviously that disables default traffic going to the ASA).

  4. Changing the set ip next-hop address to go to the SonicWall does not make a difference.

CE2 can reach both ISP1 and ISP2 routers via their HSRP or local addresses.

"show standby" shows all expected information (active, standby routers etc)

The Cisco ASA has one static route: route via

Any ideas what else to check?

IOS revisions: Cisco 2921 IOS 15.4(3)M6, Cisco 1921 IOS 15.2(4)M2
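As an added illustration, not part of the original post or the poster's configurations, here is the shape of a PBR route-map that sends default traffic to a firewall while leaving known internal prefixes to normal routing, together with the checks a practitioner would run on the router that is HSRP active on the LAN side. The VRF name L-LAN comes from the post; every address, interface name and ACL/route-map name is an assumption for illustration.

```cisco
! Added example, not the poster's configuration.
! Assumptions: 10.0.0.0/8 and 192.168.0.0/16 are the internal prefixes
! (Server B among them), 192.0.2.1 is the ASA inside address reachable
! inside VRF L-LAN, and GigabitEthernet0/0 is the LAN-facing HSRP interface.
!
! Packets for internal prefixes are denied from the ACL so the route-map
! does not match them and they follow the VRF routing table. If such a
! packet is instead policy-routed to a next-hop whose own route for that
! prefix points back at the HSRP VIP, it bounces between the two devices
! until its TTL reaches zero, which is exactly what "TTL expired" reports.
ip access-list extended PBR-DEFAULT-ONLY
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
route-map PBR-TO-ASA permit 10
 match ip address PBR-DEFAULT-ONLY
 ! "default next-hop" is consulted only when the routing table has no
 ! explicit (non-default) route for the destination; a plain
 ! "set ip next-hop" would override the table for every matching packet.
 set ip default next-hop 192.0.2.1
!
interface GigabitEthernet0/0
 description LAN side, HSRP group 1
 ! "ip vrf forwarding" must precede "ip address": applying it removes
 ! any address already configured on the interface.
 ip vrf forwarding L-LAN
 ip address 10.10.10.2 255.255.255.0
 ip policy route-map PBR-TO-ASA
 standby 1 ip 10.10.10.1
 standby 1 priority 110
 standby 1 preempt
!
! Checks, run on whichever router currently holds the LAN-side HSRP active role
! (assumed Server B address 10.20.20.5):
!   show standby brief
!   show route-map PBR-TO-ASA
!       match counters climbing while pinging Server B means the policy,
!       not the routing table, is choosing its next hop
!   show ip route vrf L-LAN 10.20.20.5
!       confirms the route exists in the VRF table the policy is applied in
!   traceroute vrf L-LAN 10.20.20.5
!       the same pair of hops repeating is a forwarding loop
!   debug ip policy
!       prints "policy match"/"policy rejected" per packet; rate-limit
!       the pings first, this debug is chatty on a busy interface
```

The deny entries are the load-bearing part: with `set ip next-hop` (no `default`) any packet that matches the ACL is handed to the configured next hop regardless of what the routing table says, so a policy that matches `any any` will send Server B traffic to the firewall even when the router has a perfectly good route for it. Comparing the route-map match counters against the VRF route for Server B on the active router tells you which path the packet actually took before you start changing the HSRP priorities.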
