Static NAT single host to multiple ISP IPs for failover
Hi,
I am trying to statically NAT a single host to 2 different ISPs for failover purposes for publicly hosted servers. Is it possible using manual NAT? Guide me on this... Thanks in advance
Using manual NAT this should be straightforward. Are you using the ISP redundancy feature?
The only caveat that I can think of otherwise is that you'll likely need some PBR (source routing) or similar for the return traffic.
With ISP redundancy enabled, the return traffic will be no problem. Outgoing return traffic is sent via the same interface as the incoming traffic.
We are using load sharing in our environment and PBR doesn't work in this scenario. Is there any alternative solution for this?
For incoming connections only (your webserver will be reachable via 2 external IPs), you have to define two manual NAT rules.
Is there any solution for outgoing traffic so that if a single NAT fails, the NAT automatically switches to another in a load sharing environment?
@Sagar_Manandhar maybe you can provide more details of your use case.
With the shown NAT rules your internal webserver can be reached via the IP address from ISP_A and via the IP address from ISP_B. Both are active all the time. The return traffic from your webserver will be routed through the same ISP as it came in. An incoming packet via ISP_A will be forwarded to your webserver and the return packet will be sent out via ISP_A. This is how ISP redundancy works.
You have to define both external IPs in the external DNS for name resolution of your webserver. In case one of the ISPs is failing, the failing ISP's external IP address has to be removed from this DNS record. If you want to have an automatic change of the DNS records, you can use the DNS proxy feature of ISP redundancy.
But I would prefer an external solution to check the availability of your ISPs and route the traffic to the right incoming site. Something like Azure Traffic Manager as an example; they can probe your webserver via both ISPs and change DNS following the availability.
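The external probing approach described in the post above, sketched as an added example (not code from the thread, and not how Check Point's DNS proxy or Azure Traffic Manager is implemented): it decides which of the two static-NAT public IPs stay in the external DNS record. The addresses are constructed documentation IPs, and the thresholds and all function names are assumptions.

```python
import socket

# Constructed documentation addresses (RFC 5737), standing in for the two
# static-NAT public IPs of the same internal web server.
ENDPOINTS = {"ISP_A": "203.0.113.10", "ISP_B": "198.51.100.10"}
FAIL_AFTER = 3     # consecutive failed probes before a record is withdrawn
RECOVER_AFTER = 2  # consecutive good probes before it is published again


def tcp_probe(ip, port=443, timeout=3.0):
    """True if a TCP handshake to ip:port completes (run from outside the site)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


class FailoverState:
    """Tracks per-ISP health with hysteresis so one lost probe does not flap DNS."""

    def __init__(self, endpoints):
        self.endpoints = dict(endpoints)
        self.healthy = {name: True for name in endpoints}
        self.streak = {name: 0 for name in endpoints}  # probes contradicting state

    def observe(self, name, probe_ok):
        if probe_ok == self.healthy[name]:
            self.streak[name] = 0  # probe agrees with the current state
            return
        self.streak[name] += 1
        needed = RECOVER_AFTER if probe_ok else FAIL_AFTER
        if self.streak[name] >= needed:
            self.healthy[name] = probe_ok
            self.streak[name] = 0

    def a_records(self):
        """IPs to publish for the server's name in external DNS."""
        up = sorted(ip for n, ip in self.endpoints.items() if self.healthy[n])
        # If every path looks down, the prober itself may be at fault: keep
        # publishing both addresses rather than an empty answer.
        return up or sorted(self.endpoints.values())


def run_round(state, probe=tcp_probe):
    """Probe each public IP once and return the record set to publish."""
    for name, ip in state.endpoints.items():
        state.observe(name, probe(ip))
    return state.a_records()
```

The DNS record's TTL bounds how quickly clients follow a withdrawal, so it has to be short for the failover to be useful.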
Agreed, the problem statement should be clarified. It still remains unclear if ISP redundancy (the Check Point feature, as distinct from the concept) is being used here.
Provider independent addressing and a GTM solution would certainly help!