05-30-2007 09:19 AM - edited 03-03-2019 05:13 PM
Hi,
I have a router with two NICs, 'a' and 'b'.
I have to set up a static NAT for traffic coming from 'b' IP space to 'a'. The router has two equal-cost default gateways, one on 'a' and one on 'b'. The trouble I am having is that the reverse path for that NAT is taking a different route from the one it came in on.
Does routing happen before NATing? How can I make the router preserve the flow state, i.e. route the NATed traffic back through the same interface it came in on?
Thanks!
-igor
05-30-2007 09:44 AM
Hi Igor,
If you have two default routes, traffic will be split between them. In your case, it does not seem right that you have two default routes, because one interface is inside and the other is outside; usually the default is on the outside only.
I think you have to define the routing better, possibly using PBR, but I would need you to explain in more detail what you are actually trying to do.
05-30-2007 09:57 AM
Thanks for the prompt reply.
I am setting up the router for Internet load balancing between several providers. It will be installed in front of the existing firewall as its default gateway. The router itself has two default gateways, towards the existing and the new providers. The NAT from the new provider to the existing one is giving me a headache, since, as I explained, the return traffic is load balanced regardless of flow state.
Due to certain conditions I can't introduce a third subnet to hide my firewall.
What can be done in this case? I can't come up with a PBR for it...
Thanks again for your help.
-igor
05-30-2007 07:03 PM
Hi,
what confuses me is that you are trying to do NAT between the two ISPs. In a "normal" situation with two outside and one inside, traffic would always come back the way it left because of NAT itself. But, as you say, there may be certain complications in your situation that prevent that from happening.
05-31-2007 06:28 AM
What is the order of processing: does NAT happen before routing takes place, or vice versa?
05-31-2007 05:17 PM
Routing comes before NAT.
06-01-2007 05:05 AM
Hm, if routing comes before NAT, then in the situation you describe, with two outside and one inside, having NATs on both ISPs would not help either. Returning traffic would get load balanced before it hits either of the NATs. Would it not?
06-01-2007 05:22 AM
Hello,
with two outside interfaces, and NAT done via "interface x/y overload", traffic will always return via the interface used for the outgoing packet, because, to all effects, for the Internet it originated from that interface.
Whether the two interfaces are equally balanced is another matter; usually, due to the properties of the CEF algorithm, they are.
Hope this helps, please rate post if it does!
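The two-outside, one-inside arrangement described in the reply above, as an added IOS configuration example that is not part of this thread (the addresses, interface names, ACL number and route-map names are assumptions): each overload translation is bound to its exit interface with `match interface`, so a flow that leaves via ISP A is translated to ISP A's address and its replies can only arrive on, and be untranslated at, that same interface.

```cisco
! Constructed example: dual-ISP overload NAT with one inside network.
! Addresses are RFC 5737 documentation ranges, not real providers.
interface FastEthernet0/0
 description ISP-A (outside)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description ISP-B (outside)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet1/0
 description LAN behind the firewall (inside)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Two equal-cost default routes; CEF balances per destination by default,
! so all packets of one flow pick the same exit interface.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Only the inside network is eligible for translation.
access-list 10 permit 192.168.1.0 0.0.0.255
!
! The route-maps select the translation by the exit interface chosen by
! routing, which is what ties each flow's return path to one ISP.
route-map NAT-ISP-A permit 10
 match ip address 10
 match interface FastEthernet0/0
!
route-map NAT-ISP-B permit 10
 match ip address 10
 match interface FastEthernet0/1
!
ip nat inside source route-map NAT-ISP-A interface FastEthernet0/0 overload
ip nat inside source route-map NAT-ISP-B interface FastEthernet0/1 overload
```

`show ip nat translations` on the router shows each inside host's flows mapped to the address of exactly one outside interface, which is the behaviour the reply relies on; this does not cover Igor's case of translating between the two ISP-facing interfaces themselves.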
06-01-2007 05:25 AM
Yep, the ISPs are equally balanced; that is the genuine culprit in all of this. Routing policies are not applicable in this scenario either, because they get inspected before reverse NAT takes place, so you can't tell which link the flow came in on.
06-01-2007 03:23 PM
I have to admit, I'm still unable to understand in essence what the problem is.
Perhaps a diagram and configuration would help me in this.
06-03-2007 08:01 AM
Hi,
The topic seems interesting, but we are unable to get what exactly you mean by this. Also, you have a firewall and a router; can you please elaborate further?
Are the links terminated on the router or on the firewall?