RV82 Dual WAN and online banking. Packets from two IPs

Hi all

I have an RV082 set up with two different ISPs (load balancing). A while ago the users started to get problems with online banking. It looks like the bank system sets up more than one "channel" to/from the end user, and that the bank systems will not accept that packets are coming from 2 different public IPs. I have solved this by binding all HTTPS traffic to WAN1.

Is this a good solution or is there a better way to deal with this? I'm afraid this will "unbalance" my network as many services like Netflix and YouTube are HTTPS.

Are there any other online services that may have problems with a load balancing setup?

If WAN1 goes down, will WAN2 start to transport HTTPS even though HTTPS is bound to WAN1?

I also have a similar issue with alert mail from the router (goes to wrong ISP every second time), but this seems to be fixed in the last firmware:
"Email account authentication is configurable for email alert."

 

Thanks in advance

Jone

1 Accepted Solution

chrebert
Level 4

Hello Jone,

Your solution is correct. Certain types of secure connection like HTTPS or SSH will not work if you keep switching the source IP, because it breaks the three-way handshake. To prevent that, you set up protocol binding as you have. You can do the same thing for any other traffic that always needs to go out a certain WAN port.

If the WAN connection you have selected to protocol bind traffic to goes down, it will fail over to the other WAN until the connection recovers.

I haven't seen too many online services that have issues with load balancing; it is mostly with secure connections, namely HTTPS. I did try to get Netflix into HTTPS mode, but I could never get an encrypted connection. Your best bet is to monitor and observe the network to see how it affects you.

I want to say the line you are quoting has to do with configuring authentication to an SMTP server to send e-mail alerts, rather than selecting a WAN port to use. However, if you protocol bind SMTP to the WAN you would like it to use, that should no longer be an issue.

Hope that helps,

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

*please rate helpful posts*
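
A small Python model of the behaviour discussed in this thread, added here as an illustration and not taken from the posts or from Cisco: it shows which public source IPs a remote server sees for one multi-connection session with plain load balancing, with HTTPS bound to WAN1, and after WAN1 fails. The per-connection round-robin policy, the `DualWanRouter` class and the addresses are assumptions made for the example; the thread does not state the RV082's actual balancing algorithm.

```python
from itertools import cycle

# Constructed sample values (documentation address ranges), not from the thread.
WAN_IPS = {"WAN1": "198.51.100.10", "WAN2": "203.0.113.20"}


class DualWanRouter:
    """Toy model: per-connection round-robin (assumed) plus protocol binding."""

    def __init__(self, bindings=None):
        self.bindings = dict(bindings or {})   # destination port -> bound WAN name
        self.up = {"WAN1": True, "WAN2": True}
        self._rr = cycle(WAN_IPS)              # round-robin order for unbound traffic

    def egress(self, dst_port):
        """Return the WAN a new outbound connection leaves on."""
        bound = self.bindings.get(dst_port)
        if bound and self.up[bound]:
            return bound                       # binding wins while its link is up
        for _ in WAN_IPS:                      # otherwise balance across live links
            wan = next(self._rr)
            if self.up[wan]:
                return wan
        raise RuntimeError("no WAN link is up")


def source_ips_seen(router, dst_port, connections):
    """Public source IPs a remote server sees for one user session that
    opens `connections` separate connections to dst_port."""
    return {WAN_IPS[router.egress(dst_port)] for _ in range(connections)}


if __name__ == "__main__":
    balanced = DualWanRouter()
    print("balanced:", sorted(source_ips_seen(balanced, 443, 4)))

    bound = DualWanRouter(bindings={443: "WAN1"})
    print("bound   :", sorted(source_ips_seen(bound, 443, 4)))

    bound.up["WAN1"] = False                   # WAN1 outage: bound traffic fails over
    print("failover:", sorted(source_ips_seen(bound, 443, 4)))
```

In this model a session only shows two source IPs when its connections are unbound, and a bound session stays on a single IP even during failover, since only one link is carrying it.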

2 Replies

Thank you for your reply.

What I meant regarding alert email and new firmware is that I can now use my web host's SMTP server instead of any of the ISPs' SMTP servers.

Jone