01-21-2008 02:55 PM - edited 03-05-2019 08:36 PM
Hi, I need a suggestion to solve an issue I'm having with a GLBP topology.
I have two routers connected to different internet links (different IP ranges, different ISPs). These routers run GLBP in the private LAN to provide redundancy and load balancing. I also have a web server in the private LAN which is accessed from the internet through a static NAT in both routers. So it has two public addresses it can be reached at from the internet.
The "problem" is that I can't reach the web server using the public address from the first router (ISP 1) if the server is using the virtual MAC address of the second router (ISP 2) as the default gateway.
Does anyone have any ideas to solve this?
Many thanks!!!
Mariano
01-21-2008 03:15 PM
I'm afraid it can't be done as ISP1 can't advertise the network from ISP2.
I'm surprised that's the only problem you have. The ideal solution is having a block of public IP addresses and have both ISPs advertise this block via BGP.
__
Edison.
01-21-2008 08:18 PM
You might want to look at:
http://www.cisco.com/warp/public/105/nat_routemap.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801fce09.html
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml
01-21-2008 11:44 PM
Hi,
From the router connected to ISP1, can you ping the web server? Can you also see the web server in the ARP table of router1?
Experts, correct me if I'm wrong: when you access the web server using the ISP1 IP address, the web server will reply using router2 (ISP2) in the current GLBP setup. If router 2 can reach the source, there should be no problem, right? Unless RPF is enabled?
BR,
Aries
01-22-2008 04:31 AM
What I suspect is the problem is when an outside request comes in on RtrA, the request is correctly forwarded to the "public" web server, but if it returns via RtrB (either by a default path or in this case GLBP) the NAT translation is different between RtrA and RtrB, making for a different public source address coming from the web server; different from the destination address the outside host originally used. If the traffic transits the same router both in and out, NAT translations remain the same and it works.
If the public address block was the same between ISP providers, there wouldn't be a problem. Since they're not, one has to ensure the same path is used for both directions or NAT is aware of different public addresses and handles that. The prior references I provided detail some features in the later IOSs that can handle multihoming with different public address blocks.
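The address mismatch described in the post above, modelled in Python as an added example that is not part of the original thread. The router class, function names and all addresses (documentation ranges) are constructed for illustration and are not anyone's real configuration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class NatRouter:
    """Edge router holding one static NAT entry: public address <-> inside server."""
    def __init__(self, name, public_ip, inside_ip):
        self.name, self.public_ip, self.inside_ip = name, public_ip, inside_ip

    def inbound(self, pkt):
        # Outside -> inside: rewrite the destination from public to inside address.
        if pkt.dst != self.public_ip:
            return None  # no static entry for this destination
        return Packet(pkt.src, self.inside_ip)

    def outbound(self, pkt):
        # Inside -> outside: rewrite the source to THIS router's public address.
        if pkt.src == self.inside_ip:
            return Packet(self.public_ip, pkt.dst)
        return pkt

def round_trip(client_ip, entry, exit_router):
    """Send a request in through `entry`; the server replies through `exit_router`
    (whichever GLBP forwarder it was handed as its gateway)."""
    request = Packet(client_ip, entry.public_ip)
    inside = entry.inbound(request)
    reply = exit_router.outbound(Packet(inside.dst, inside.src))
    # The client matches the reply to its connection only if the reply comes
    # from the same address it originally sent the request to.
    accepted = reply.src == request.dst and reply.dst == request.src
    return reply, accepted

# Constructed sample addresses (RFC 5737 documentation ranges).
SERVER = "10.0.0.10"
CLIENT = "203.0.113.50"
RTR_A = NatRouter("RtrA", "192.0.2.10", SERVER)      # ISP 1
RTR_B = NatRouter("RtrB", "198.51.100.10", SERVER)   # ISP 2

if __name__ == "__main__":
    for exit_router in (RTR_A, RTR_B):
        reply, ok = round_trip(CLIENT, RTR_A, exit_router)
        print(f"in via RtrA, out via {exit_router.name}: "
              f"reply src={reply.src} accepted={ok}")
```
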
01-22-2008 12:57 PM
Thank you all for your replies!!!
Ediortiz, I'm sorry but I can't use BGP, nor do I have my own address pool…
Ariesc_33, Yes I can ping the server. Everything works fine, it even works if I use the public address from the same router the server is using as the gateway.
Josephdoherty, Thank you for the information; stateful NAT looks very promising.
I also had this same problem with the VPN clients (the routers are also VPN servers). The VPN clients, once connected to the servers, did not reach the internal hosts if these hosts were using the other router as the gateway. I fixed this using reverse route injection and an IGP to inform both routers of the source addresses. Unfortunately, it is a very different story with the connections from the Internet… I'll keep trying and I will tell you if I get it to work.
Thanks again!!!
Mariano
03-17-2008 01:26 PM
Mariano, I got the same problem, and I made it work today using SNAT commands. If you're still interested, let me know so I can post the router configuration examples.
07-02-2012 05:58 AM
Hi Raul,
I do know this is a very old thread... but is it possible to get your config examples?
Thank you!
10-23-2014 02:30 PM
Hi Raul,
I have exactly the same setup and the same issue, I would really appreciate it if you can help me out by providing some details or a working config file.
Thanks
10-24-2014 06:26 AM
10-25-2014 09:28 AM
Thanks Houtan,
It's working fine now. Your config helped me find the missing pieces and it's all good now.
Thank You
10-25-2014 01:56 PM
I'm glad it helps you. Therefore, rate it and mark it as correct. It helps others to identify the right solution.
Houtan