I've bought 1 more public IP range but cannot use it

L2 Linker

Dear all,

I've 2 internet lines connected to 2 different ISPs: ISP-1 and ISP-2. The default route to the internet is the connection to ISP-2.

I just bought 1 more public IP range from ISP-1 that belongs to a different subnet from my current ISP-1 public IP range.

Now I want to NAT my server using an IP in the new public IP range, but the server cannot connect to the internet. I've checked the logs and see no problem (NAT is successful, security rules are allowed).

I've no problem if I NAT using the current old public IP range. So is there any configuration I have to do before using the new IP range for NAT?


Accepted Solutions
L2 Linker

Re: I've bought 1 more public IP range but cannot use it

Thank you all for your help,

'Cause the default route is the connection to ISP-2, I've to create a PBF rule to redirect it to ISP-1. And I found out that my PBF rule configuration missed the next hop IP (I thought that only the egress interface is enough).

Problem has been solved now :)
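
An added example, not part of the original post or of any vendor tooling: a Python check that flags PBF forward rules which name an egress interface but no next hop, the misconfiguration described in the accepted solution. The XML is constructed, its element names are an assumption modelled on a PAN-OS rulebase export, and skipping tunnel interfaces is likewise an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumption modelled on a PAN-OS
# PBF rulebase export. Addresses are RFC 5737 documentation ranges.
SAMPLE_PBF_XML = """
<pbf><rules>
  <entry name="server-new-range-to-isp1">
    <source><member>192.0.2.10</member></source>
    <action><forward>
      <egress-interface>ethernet1/1</egress-interface>
    </forward></action>
  </entry>
  <entry name="server-old-range-to-isp1">
    <source><member>192.0.2.11</member></source>
    <action><forward>
      <egress-interface>ethernet1/1</egress-interface>
      <nexthop><ip-address>198.51.100.1</ip-address></nexthop>
    </forward></action>
  </entry>
  <entry name="vpn-to-branch">
    <action><forward>
      <egress-interface>tunnel.1</egress-interface>
    </forward></action>
  </entry>
  <entry name="drop-guest"><action><discard/></action></entry>
</rules></pbf>
"""

def forward_rules_missing_nexthop(pbf_xml):
    """Return (rule name, egress interface) for forward rules with no next hop.

    Assumption: tunnel interfaces are point-to-point and do not need a
    next hop, so they are not reported.
    """
    findings = []
    for entry in ET.fromstring(pbf_xml).iterfind("./rules/entry"):
        forward = entry.find("./action/forward")
        if forward is None:  # discard or no-pbf rules do not route traffic
            continue
        egress = (forward.findtext("egress-interface") or "").strip()
        nexthop = forward.find("nexthop")
        has_nexthop = nexthop is not None and any(
            (child.text or "").strip() for child in nexthop)
        if not has_nexthop and not egress.startswith("tunnel"):
            findings.append((entry.get("name"), egress))
    return findings

if __name__ == "__main__":
    for name, egress in forward_rules_missing_nexthop(SAMPLE_PBF_XML):
        print(f"{name}: forwards out {egress} with no next hop")
```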


All Replies
L7 Applicator

Re: I've bought 1 more public IP range but cannot use it

Do you have only a default gateway in your virtual router, or have you also configured policy-based forwarding policies?

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
L2 Linker

Re: I've bought 1 more public IP range but cannot use it

Thank you Raido for your reply.

I use PBF also, because by default traffic from my server goes outside via ISP-2, so I created a PBF rule to redirect traffic to ISP-1.

I also added an IP in the new IP range to the ISP-1 interface.

I've no problem when I NAT using the old IP range, but when using the new IP range, the connection failed.

 

L3 Networker

Re: I've bought 1 more public IP range but cannot use it

If you traceroute and look at the associated session, can you see it egressing on the ISP1 interface, with the SNAT address of your new IP?

 

If so, I think it sounds like the Internet does not have a route back to your new IP. Either your ISP will need to advertise this on your behalf, or you are using BGP. If the latter, have you added the new IP into your export statements for BGP and can you confirm it is being advertised (you can see this from the BGP RIP under network > routers)?

 

Cheers,

Shannon

L7 Applicator

Re: I've bought 1 more public IP range but cannot use it

Did you add the IP to your ISP-1 external interface?

You'll want to do that to ensure NAT and routing are using the appropriate interface to send packets out of and perform proxy ARP.

reaper - PANgurus.com
I drink and I know things
