Re: 2 routers, 2 ISP, 1 Inside HTTP Server

infomil · ‎09-04-2007

Hello,

I have a problem with this simple architecture, I have 2 877 Adsl router connected to internet, each one with his own internet static IP adress.

I made an HSRP group with this 2 routers.

I need to made an Http server joinable from Internet, so I configure static IP Nat on the 2 router.

The problem is that :

- when I browse my http server from internet, I can arrive on the ISP2

- when the Http server replies, the HSRP's group master could :

- forward the packet to the ISP2 router : so it works

- forward the packet directly on ISP1 : so it doesn't work because we don't use the same path

Do you see what I mean ???

Is there an answer ???

Thanks...

mheusing · ‎09-04-2007

Hi,

The issue at hand is, that your server does route all packets to the HSRP active, when sending towards the internet no matter where it was received from.

The only solution I can think of is to double NAT. You could use two private IP ranges like 10.10.1.0/24 for R1 and 10.10.2.0/24 for R2 to NAT any IP packet arriving at your two WAN routers destined for the server. Additionally set static routes in the server for those two ranges pointing to the respective router. As a result you would make sure that a request coming in through R1 will be answered through R1 by the server and the same for R2.

Example config:

R1:

interface Serial0

ip address 1.1.1.1 255.255.255.240

ip nat outside

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip nat pool R1 10.10.1.0 10.10.1.255 prefix-length 24

ip nat outside source list 100 pool R1

ip nat inside source static 192.168.1.3 1.1.1.3

access-list 100 permit any host 1.1.1.3 !server IP as seen from the internet

I never tried this in a lab, so it is just an idea. In case it works, please provide the feedback.

Regards, Martin

infomil · ‎09-09-2007

Hi martin,

Thanks for your reply, your solution works great.

Regards, Christophe