I've bought 1 more public IP range but cannot use it

L2 Linker

Dear all,

I've 2 internet lines connected to 2 different ISPs: ISP-1 and ISP-2. The default route to the internet is the connection to ISP-2.

I just bought 1 more public IP range from ISP-1 that belongs to a different subnet than my current ISP-1 public IP range.

Now I want to NAT my server using an IP in the new public IP range, but the server cannot connect to the internet. I've checked the logs and see no problem (NAT is successful, the security rules allow it).

I've no problem if I NAT using the current old public IP range. So is there any configuration I have to do before using the new IP range for NAT?

1 accepted solution

Accepted Solutions

L2 Linker

Thank you all for your help,

Because the default route is the connection to ISP-2, I had to create a PBF rule redirecting it to ISP-1. And I found out that my PBF rule configuration was missing the Next Hop IP (I thought that only the Egress Interface was enough).

The problem has been solved now 🙂

5 REPLIES

Cyber Elite

Do you have only a default gateway in your virtual router, or have you also configured policy-based forwarding policies?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Thank you Raido for your reply.

I use PBF also, because by default traffic from my server goes out via ISP-2, so I created a PBF rule redirecting traffic to ISP-1.

I also added an IP in the new IP range to the ISP-1 interface.

I've no problem when NATing using the old IP range, but when using the new IP range, the connection fails.

If you traceroute and look at the associated session, can you see it egressing on the ISP-1 interface, with the SNAT address of your new IP?

If so, I think it sounds like the internet does not have a route back to your new IP. Either your ISP will need to advertise this on your behalf, or you are using BGP. If the latter, have you added the new IP into your export statements for BGP, and can you confirm it is being advertised (you can see this from the BGP RIB under network > routers)?

Cheers,

Shannon

Did you add the IP to your ISP-1 external interface?

You'll want to do that to ensure NAT and routing use the appropriate interface to send packets out of, and to perform proxy ARP.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

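The two checks the replies above converge on (a PBF forward action that names an egress interface but no next hop, and a source NAT address that is not on any subnet of the egress interface, so the firewall will not proxy-ARP for it) can be linted offline from a set-format config export. The script below is an added example written for this page, not the poster's configuration or a Palo Alto Networks tool. The `set` command syntax is the author's assumption of the PAN-OS set format, and all interface names, rule names and addresses (RFC 5737 ranges) are constructed for the example:

```python
"""Lint a PAN-OS-style set-format config for the two faults discussed in the thread:
1. a PBF rule with 'action forward egress-interface' but no 'nexthop ip-address';
2. a static source NAT whose translated address is not within a subnet configured
   on the rule's to-interface (no proxy ARP, no return traffic).
Command syntax is assumed (not taken from the thread); addresses are constructed."""

import ipaddress
import re
from collections import defaultdict

# Constructed sample: ISP-2 (ethernet1/2) holds the default route; the server's
# PBF rule points at ISP-1 (ethernet1/1) but omits the next hop, and the new
# NAT address 198.51.100.9 lies outside the 198.51.100.0/29 added to ethernet1/1.
SAMPLE_CONFIG = """
set network interface ethernet ethernet1/1 layer3 ip 203.0.113.10/29
set network interface ethernet ethernet1/1 layer3 ip 198.51.100.2/29
set network interface ethernet ethernet1/2 layer3 ip 192.0.2.2/30
set network virtual-router default routing-table ip static-route default destination 0.0.0.0/0 nexthop ip-address 192.0.2.1
set network virtual-router default routing-table ip static-route default interface ethernet1/2
set rulebase pbf rules PBF-SERVER-ISP1 from zone trust
set rulebase pbf rules PBF-SERVER-ISP1 source 10.0.0.10
set rulebase pbf rules PBF-SERVER-ISP1 destination any
set rulebase pbf rules PBF-SERVER-ISP1 action forward egress-interface ethernet1/1
set rulebase nat rules NAT-SERVER-OLD from trust
set rulebase nat rules NAT-SERVER-OLD to untrust-isp1
set rulebase nat rules NAT-SERVER-OLD to-interface ethernet1/1
set rulebase nat rules NAT-SERVER-OLD source 10.0.0.10
set rulebase nat rules NAT-SERVER-OLD source-translation static-ip translated-address 203.0.113.10
set rulebase nat rules NAT-SERVER-NEW from trust
set rulebase nat rules NAT-SERVER-NEW to untrust-isp1
set rulebase nat rules NAT-SERVER-NEW to-interface ethernet1/1
set rulebase nat rules NAT-SERVER-NEW source 10.0.0.10
set rulebase nat rules NAT-SERVER-NEW source-translation static-ip translated-address 198.51.100.9
"""

# The corrected version: next hop (ISP-1 gateway, assumed .9) added to the PBF
# rule, and the new NAT address moved inside the subnet that is on the interface.
FIXED_CONFIG = SAMPLE_CONFIG.replace("198.51.100.9", "198.51.100.5") + (
    "set rulebase pbf rules PBF-SERVER-ISP1 action forward nexthop ip-address 203.0.113.9\n"
)

IFACE_RE = re.compile(r"^set network interface ethernet (\S+) layer3 ip (\S+)$")
PBF_EGRESS_RE = re.compile(r"^set rulebase pbf rules (\S+) action forward egress-interface (\S+)$")
PBF_NEXTHOP_RE = re.compile(r"^set rulebase pbf rules (\S+) action forward nexthop ip-address (\S+)$")
NAT_TOIF_RE = re.compile(r"^set rulebase nat rules (\S+) to-interface (\S+)$")
NAT_SNAT_RE = re.compile(r"^set rulebase nat rules (\S+) source-translation static-ip translated-address (\S+)$")


def parse(config_text):
    """Collect interface subnets, PBF forward actions and static SNAT rules."""
    ifaces = defaultdict(list)  # interface name -> [IPv4Network, ...]
    pbf = defaultdict(dict)     # pbf rule name -> {"egress": str, "nexthop": IPv4Address}
    nat = defaultdict(dict)     # nat rule name -> {"to_if": str, "snat": IPv4Address}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := IFACE_RE.match(line):
            ifaces[m.group(1)].append(ipaddress.ip_interface(m.group(2)).network)
        elif m := PBF_EGRESS_RE.match(line):
            pbf[m.group(1)]["egress"] = m.group(2)
        elif m := PBF_NEXTHOP_RE.match(line):
            pbf[m.group(1)]["nexthop"] = ipaddress.ip_address(m.group(2))
        elif m := NAT_TOIF_RE.match(line):
            nat[m.group(1)]["to_if"] = m.group(2)
        elif m := NAT_SNAT_RE.match(line):
            nat[m.group(1)]["snat"] = ipaddress.ip_address(m.group(2))
    return ifaces, pbf, nat


def lint(config_text):
    """Return a list of human-readable findings; an empty list means both checks pass."""
    ifaces, pbf, nat = parse(config_text)
    findings = []
    for name, rule in pbf.items():
        if "egress" in rule and "nexthop" not in rule:
            findings.append(f"PBF {name}: egress-interface {rule['egress']} set but no nexthop; "
                            "add 'action forward nexthop ip-address <ISP gateway>'")
        elif "egress" in rule and not any(rule["nexthop"] in n for n in ifaces.get(rule["egress"], [])):
            findings.append(f"PBF {name}: nexthop {rule['nexthop']} is not on-link for {rule['egress']}")
    for name, rule in nat.items():
        if "snat" not in rule or rule.get("to_if", "any") == "any":
            continue  # dynamic NAT and 'to-interface any' are out of scope for this check
        nets = ifaces.get(rule["to_if"], [])
        if not any(rule["snat"] in n for n in nets):
            findings.append(f"NAT {name}: translated address {rule['snat']} is not within any subnet on "
                            f"{rule['to_if']} ({', '.join(map(str, nets)) or 'no IP configured'}); "
                            "the firewall will not proxy-ARP for it")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print("FAIL:", finding)
    print("fixed config findings:", lint(FIXED_CONFIG))
```

Run against the constructed sample it reports the missing next hop on `PBF-SERVER-ISP1` and the off-subnet translated address on `NAT-SERVER-NEW`, and nothing for `NAT-SERVER-OLD`, whose address sits in the /29 already on the interface; the corrected config produces no findings. The second check does not cover the return-path question Shannon raised (whether the new range is advertised upstream), which can only be confirmed on the ISP side or in the BGP RIB, not from the local config.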