P4Colin

Unfortunately we were never able to find a solution here, even in an active/active state on the trunk like you are stating. I wish I had a better answer.

Just upgraded to 4.73(AAAA.2) and rebooted, same thing persists. VLAN 1001 is tagged on the port going into WAN2. It all comes to the policy route with SNAT for using an alternate IP, and I am not able to find a way to bypass this route if traffic came in the LTE connection.

We are using a user configured trunk, which we have setup with both members being active or VLAN1001 being passive without change in behavior. VLAN1001 is setup as an external interface with WAN2 being the base port (only setup this way to go through a switch then connect back to the router).

NAT rules are Virtual Server, but we have tried 1:1 NAT as well with the same result. The "Use Static-Dynamic Route to Control 1-1 NAT Route" box is checked, but we have the same result of the traffic going out the coax WAN with the LTE address when we uncheck this box.

Attempted to disable this and it looks like it is in the same situation where all traffic is going back out the WAN connection showing the LTE address like in the packet capture posted before.

Yes, "Use IPv4 Policy Route to Overwrite Direct Route" is enabled 2 Policy routes 1st one for internal IPs: 2nd is for SNAT which is the one that is causing the issues, but we need this in place since it has to use a different external IP than what is assigned to WAN1: I am looking to see if there is a different way to…

Simple version of the network - coax connection into WAN1, LTE connection into VLAN 1001, VM for the server is on VLAN 5 off of LAN1. 2 potential issues occur: We want all traffic to be routed out the coax connection normally, and only use the LTE connection as a backup. So in this case we have a Trunk setup for the 2 WAN…

I believe the issue is that we have no way to allow it to use the default route since it is not using an ip directly assigned to a WAN interface, and we have to instead use a Policy Route or 1:1 NAT in order to get the IP of the server to show properly. Unless there is another way to do this?