Through two ISPs there are external inquiries to an internal resource in the LAN


Is it possible to make a static translation on the router in this case:

There are two public IP addresses (from two providers), and the same port is used on each address.

Also, there is a server in a private network with one IP and one port.

DMZ Server(Private IP:12222)<->ASA<->C2811(ISP1 IP:12222;ISP2 IP:12222)

Is such a configuration possible?

Any help and/or recommendations are welcome.

tdrais Mon, 11/05/2007 - 14:24

Using a static NAT from 2 different ISPs to a single inside machine is easy. Your problem is more the return traffic. You need to somehow make the traffic returning from the server to the user go back out the same ISP as it came in from. By the time the packet gets to the end server, all it has is its private address and the actual source address. Even if it knew about both ISP routers, it has no way to know which is better.

paolo bevilacqua Mon, 11/05/2007 - 14:42

You will find that when using NAT in IOS, returning traffic is not an issue. This is because of the way NAT works: it builds "translations" that contain the outgoing interface, so everything should work fine with minimal configuration.

Of course, this will require all the NAT config to be in the router, as opposed to the ASA for the proposed config.

(Side note: the ASA is a bit redundant when used with a well-configured router, but that is another issue.)

Hope this helps, please rate post if it does!

