I got a router with two nics - 'a' and 'b'.
I have to setup a static nat for traffic coming from 'b' ip space to 'a'. The router has two equal cost default gateways - one on 'a', and one on 'b'. The trouble I am having is the reverse path for that nat is taking a different route from where it came from.
Does routing happen before nat'ing? How can I make the router to preserve the flow state, i.e. route back the natted traffic through the same interface it came from?
If you have two default routes, traffic will be split on them. In your case, it does not seem right that you have two default routes, because one interface is inside and the other is outside, usually the default is on outside only.
I think that you have to better define routing, possible use PBR, but I would need to explain in more detail what you are actually trying to do.
Thanks for prompt reply.
I am setting up the router for my internet load balancing between several providers. It will be installed in front of the existing firewall as its default gateway. The router itself has two dg towards existing and new providers. The nat from the new provider to the existing is giving me a headache, since as I explained the return traffic is load balanced regardless of flow state.
Due to certain conditions I cant introduce a third subnet to hide my fw.
What can be done in this case? I cant come up with a pbr for it...
Thanks again for your help.
what confuses me is that you are trying to do NAT between the two ISPs. In a "normal" situation with two outside and one inside, traffic would always come back from where it left because of NAT itself. But as you say there may be certain complications in your situation that prevent that to happen.
Hm, If the routing comes before nat, then in situation as you describe with two outside and one inside having two nats on both isp's would not help either. Returning traffic would get load balanced first before it hits either of the nats. Would it not?
with two outside interfaces, and NAT made via "interface x/y overload", traffic will always return via the interface used for outgoing, because to all effects for the internet, it has been originated from that interface.
If the two interfaces are equally balanced is another matter, usually due to properties of CEl algorithm, they are.
Hope this helps, please rate post if it does!
Yep, the isp's are equally balanced - that is the genuine culprit to all of this. Routing policies are not applicable in this scenario also, because they get inspected before reverse nat takes place you you can't tell which link the flow came from.
I have to admit, I'm still unable to understand in essence what the problem is.
Perhaps a diagram and configuration would help me in this.
the topic seems intersting ..bt we are unable to get wht u exactly mean by this..also u hv a firewall and router..can u pls elaborate the thing further..??
is the links getting terminated to router or firewall?