If we need to access a single "inside" server (10.1.1.1/24) from two different static IP addresses from two different ISPs.
For example 10.1.1.1 --> IP1_from_ISP1
also 10.1.1.1 --> IP2_From_ISP2
This is to achieve ISP level redundancy.
Is it possible to have two "static" entries for the same IP? I am not sure, and most likely it is not possible.
Each ISP link is terminated on a separate router. But we have only one firewall (Active + failover, logically a single device). How can we go about this situation? From each ISP we have a pool of 16 static IP addresses.
Do we need additional devices in between the routers and the firewall for source NAT or destination NAT before it hits the firewall outside interface?
What I feel is that we need to source-NAT and also dest-NAT the packets coming from ISP2 before they reach the "outside" of the firewall.
So, for example, a packet reaching the "outside" of the firewall from the ISP2 router will have the same destination IP as the packets arriving from ISP1. This will work fine for our single static entry in the firewall. But now packets from ISP2 are also source-NATed or PATed before reaching the "outside" interface of the firewall.
So when packets are coming back from the firewall, packets with a particular destination IP will be routed to the ISP2 router; all the remaining ones will be sent to the ISP1 router.
Here is an ISP2 IP packet (first NAT device, say R2):
Source - 188.8.131.52
Destination - 184.108.40.206 (internal server IP address from the ISP2 perspective)
First, change the destination IP from 220.127.116.11 to 18.104.22.168. (We have a static entry for 22.214.171.124 to 10.1.1.1, the internal server IP, on the ASA.)
On the next device the packet will be (second NAT device, say R3):
source -- 126.96.36.199
destination - 188.8.131.52
Here we change the source IP 184.108.40.206 to 220.127.116.11 and forward the packet to the outside of the firewall.
So the packet on the firewall outside:
source -- 18.104.22.168
target : 22.214.171.124
When the firewall returns this packet it will ALWAYS have source 126.96.36.199 and target 188.8.131.52. Thus we can route this traffic to device R3, which will send the packet back to R2 and then to ISP2, with the corresponding NAT and PAT on each router.
For ISP1 there is no need for an additional device in between the router and the firewall.
This seems to be a very lengthy solution.
If there is any other solution, please share your experience.
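The NAT chain described in the post (R2 does destination NAT onto the ISP1 address, R3 does source NAT/PAT onto an ISP2-pool address, the ASA keeps its single static, and return traffic is policy-routed by destination), walked through as a small Python simulation. This is an added example, not code from the original post or from any vendor; the addresses (RFC 5737 documentation ranges), the pool size and the port numbers are assumptions chosen here to stand in for IP1_from_ISP1, IP2_from_ISP2 and the 16-address ISP2 pool.

```python
"""Packet walk for the two-ISP NAT chain: ISP2 client -> R2 (DNAT) -> R3 (SNAT/PAT)
-> ASA static -> server, and the reply back out the same chain.
All addresses below are assumptions (RFC 5737 documentation ranges)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

INSIDE_SERVER = "10.1.1.1"
ISP1_PUBLIC = "203.0.113.10"      # assumed IP1_from_ISP1; the ASA static maps it to 10.1.1.1
ISP2_PUBLIC = "198.51.100.10"     # assumed IP2_from_ISP2; what clients use via ISP2
ISP2_POOL = ip_network("198.51.100.0/28")   # assumed: the 16 statics from ISP2
R3_SNAT_ADDR = "198.51.100.11"    # assumed ISP2-pool address R3 uses as PAT source
CLIENT = "192.0.2.55"             # assumed Internet client


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class DnatR2:
    """R2: rewrite destination ISP2_PUBLIC -> ISP1_PUBLIC so the ASA sees one address."""
    def forward(self, pkt):
        return replace(pkt, dst=ISP1_PUBLIC) if pkt.dst == ISP2_PUBLIC else pkt

    def reverse(self, pkt):
        # Reply: put the ISP2 address back as source so the client sees what it talked to.
        return replace(pkt, src=ISP2_PUBLIC) if pkt.src == ISP1_PUBLIC else pkt


class SnatR3:
    """R3: PAT client:sport -> R3_SNAT_ADDR:port, remembered so replies can be undone."""
    def __init__(self):
        self.next_port = 40000
        self.table = {}   # translated port -> (original src, original sport)

    def forward(self, pkt):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (pkt.src, pkt.sport)
        return replace(pkt, src=R3_SNAT_ADDR, sport=port)

    def reverse(self, pkt):
        orig_src, orig_sport = self.table[pkt.dport]
        return replace(pkt, dst=orig_src, dport=orig_sport)


class Firewall:
    """ASA with a single static ISP1_PUBLIC <-> 10.1.1.1 and destination-based
    routing of returns: ISP2-pool destinations go to R3, everything else to R1."""
    def inbound(self, pkt):
        if pkt.dst != ISP1_PUBLIC:
            raise ValueError("no static entry for destination %s" % pkt.dst)
        return replace(pkt, dst=INSIDE_SERVER)

    def outbound(self, pkt):
        if pkt.src == INSIDE_SERVER:
            pkt = replace(pkt, src=ISP1_PUBLIC)
        nexthop = "R3" if ip_address(pkt.dst) in ISP2_POOL else "R1"
        return pkt, nexthop


def server_reply(pkt):
    """The inside server answers whatever source it saw (after all translations)."""
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)


def round_trip(via_isp2, client_port=51515):
    """Return (reply as seen by the client, next hop chosen by the firewall, trace)."""
    r2, r3, fw = DnatR2(), SnatR3(), Firewall()
    req = Packet(CLIENT, ISP2_PUBLIC if via_isp2 else ISP1_PUBLIC, client_port, 443)
    trace = [("client", req)]
    if via_isp2:
        req = r2.forward(req); trace.append(("R2 dnat", req))
        req = r3.forward(req); trace.append(("R3 snat", req))
    inside = fw.inbound(req); trace.append(("fw inbound", inside))
    rep, nexthop = fw.outbound(server_reply(inside))
    trace.append(("fw outbound -> " + nexthop, rep))
    if nexthop == "R3":
        rep = r3.reverse(rep); trace.append(("R3 un-snat", rep))
        rep = r2.reverse(rep); trace.append(("R2 un-dnat", rep))
    return rep, nexthop, trace


if __name__ == "__main__":
    for via_isp2 in (False, True):
        print("--- via ISP2" if via_isp2 else "--- via ISP1")
        for hop, pkt in round_trip(via_isp2)[2]:
            print("%-20s %s:%d -> %s:%d" % (hop, pkt.src, pkt.sport, pkt.dst, pkt.dport))
```

The trace for the ISP2 path shows the two points the post relies on: the firewall only ever sees the ISP1 address as destination, so its single static suffices, and the reply's destination is an ISP2-pool address, which is what lets a plain destination-based route send it to R3 instead of R1. It also shows the cost of the R3 source NAT: the server and the firewall logs record R3_SNAT_ADDR as the client for all ISP2 traffic, not the real client address.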