Using multiple front end IPs to split my internet facing applications. Seemed to solve the health probe issue with splitting static 18.104.22.168/32 azure routes between virtual routers, but inbound traffic doesn't seem to know where to go. Single public application worked no problem, as soon as second front end IP is added, the VM series stops routing. Intend to add second VMseries 300 in parallel when PoC is cleared through single.
2 Front end public IPs
2 Untrust interfaces in 2 Separate Backend pools
2 Health probes to untrust interfaces
2 Load balancing rules with client IP persistance
NAT 1 from untrust to untrust interface 1 translated to app A (private IP)
NAT 2 from untrust to untrust interface 2 translated to app B (Private IP)
Seems like routing is unsure of where to go outbound with the 2 untrust Interfaces. Static routes and virtual routers are split between traffic destined for untrust interfaces based off source.
Rather than different interfaces, I would recommend using Port Translation or secondary IPs on one Untrust interface to glue the inbound traffic to the destination nat. As you encountered, multiple interfaces will result in complex routing that is accomplished through VR mapping internal and external interfaces together or putting all Untrust Interfaces in the same zome to over come the asymmetry with multiple 0/0 outbound routes for each interface.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!