Need your help & clarify some douts.
G1/1 - xxxxx/30 (ISP 1)
G1/2 - xxxxx/30 (ISP 2)
G1/3 - xxxxx/24 (LAN)
Both the ISP have also provided xxxxxx/29 range of usable IPs
Have Configured Dula ISP Redundancy with single virtual router by enabling ECMP and link monitor for static route
Have configured source NAT to access internet from local LAN ( G1/1 & G1/2)
Have also configured PBF for specific zone/network to access internet from specific ISP ( G1/1 & G1/2)
Configured Destination NAT from public IP xxxxx/29 to local server (red). for both ISP it's configured
When both ISP are connected
able to access local server (red) from internet on only from ISP1
But when i disconnect ISP1 from firewall then am able to access local server from internet through ISP2
can any one plz help.
Regardless of configuration you will not be able to have simultanious connections from ISP1 and ISP2 to the same internal resource. Your weighted routes and PBF with monitoring policies don't really allow for that.
You mean destination NAT will not work for both the ISP if PBF is configured ??
How can i achive Destination NAT from both ISP (ISP1 & IPS2) to local server.
Can you share how you have configured the NATs in question. Your NAT policies are evaluated the same as the security policies, so the first NAT policy that matches the traffic is going to be the policy that gets used.
Best case scenario you are able to advertize one IP range across both ISPs, but unless you actually own the IP range then the ISP is unlikely to agree to this. There are other ways to accomplish what you are trying to do but the easiest way to configure this is actually to just have dual IPs on your server in question and setup completely seperate NAT policies for both IPs to allow access.
The ways decribed by @BPry are (in my opinion) not the the easiest, these are the only ways to achieve what you want to do.
Does this config now work or did you create this after this topics discussion?
Looks actually pretty good, I think
Sorry for the late responce, i was on leave.
Yes, I had started this topic discussion after the configuring the firewall.
Recently had spoken to PA support tech about this issue.
Since this issue was happeining intermittent will post my findings when it happens.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!