We are currently deploying a Cisco ISR in our office, with 2 separate ISP connections, and are running into issues with incoming traffic through ISP2.
We have followed the following document to provide ISP/NAT fail-over in case there is an issue on the primary ISP.
We have tested the ISP fail-over, and everything works great for outgoing traffic. The default gateway fails over to the floating static route, and traffic is NATed through the secondary WAN interface IP.
The problem is with incoming traffic to our public addresses space from ISP2. While the primary ISP is active, all incoming traffic to our secondary IP addresses fails. If we fail-over and the default gateway changes to ISP2, everything in this secondary IP range works fine. Once fail-back happens, incoming traffic fails again.
Am I correct in assuming that this happens because traffic will come in through ISP2, but go back out through ISP1 (default gateway is set to this), which will then drop it due to the source being from a different subnet?
If this is the case, is there any straightforward way to get incoming traffic to our ISP2 public range to go back out ISP2 default gateway (while all other traffic is unaffected)?
We would like to be able to utilize this secondary IP space even with the primary ISP active.
I was thinking we could utilize Policy based routing but not sure how to best accomplish this, especially when NAT is involved.
Thanks so much for any insight you can provide!