topic Re: Dual ISP and returning traffic in General Topics

Dual ISP and returning traffic

myrdin — Tue, 18 Oct 2016 03:35:27 GMT

Hi,

this is the scenario:

- ISP1 : only for GlobalProtect

-ISP2 : only for Internet access

ISP1 has distance 10 and metric 10

ISP2 has distance 10 and metric 15

in this scenario the ISP1 interface responds to Global protect gateway/portal no problem. Also ISP2 pings, and i can access management through ISP2 public ip.

If i change the metric to ISP1 to 20, ISP2 becomes primary. BUT ISP1 no longer responds to pings nor GlobalProtect nor management, nothing.

It appears that returning traffic entering ISP1 go out through ISP2 no matter what if ISP2 is preferred. The other way around tho, when ISP1 is primary, traffic entering ISP2 get out ISP2.

any clues?

thanks

Re: Dual ISP and returning traffic

myrdin — Tue, 18 Oct 2016 06:00:31 GMT

I have resolved like this:

- created a default route to ISP1 (usuale way in the Virtual route).

- removed ISP2 as second default route with higher metric

- added PBF to force traffic from lan to ISP2, and negate routing to internal networks (so only traffic to 0.0.0.0/0 would be intercepted).

- This kept ISP1 accessible while forcing traffic originating from LAN to ISP2. (and ISP2 is still accessible somehow)

Very akward way to achieve a working configuration in such scenario, but thats it.

Re: Dual ISP and returning traffic

pulukas — Sat, 22 Oct 2016 12:54:23 GMT

An alternative way to configure this would be to place your Global Protect ISP into a separate virtual router. This would isloate and give this traffic their own routing table.