NAT Multiple external IP's to a single inside host

cancel
Showing results for 
Search instead for 
Did you mean: 

NAT Multiple external IP's to a single inside host

Not applicable

I'm trying to find documentation and/or any help to see if PAN firewalls are capable of NATing Two external IP's to a single host IP.

My scenario:

ISP1 204.23.123.123

                               ----------> Internal host 10.10.10.10

ISP2 79.23.123.123

I have tried searching documentation as well as contacting support and I have not received any answers. I need to get this up quickly if possible. Any and all help is appreciated.

3 REPLIES 3

L4 Transporter

The problem you will have is the return traffic.  If the DEFAULT GATEWAY is ISP1, all of traffic from ISP2 will exit ISP1. I would suggest 2 virtual routers, one for each ISP so each canhave a separate default gateway. When you NAT the traffic inbound you will need to make the packets look like the original source was the LAN interface of the VR that processed the packet. The Server will basically see traffic from only 2 IP addresses so it will respond to the correct ISP. I have not tried this but it should be possible.

Steve Krall

Thank you for the response. I understand how to create a virtual router. My other questions then are:

After creating the new virtual router for each ISP, how will I get all other traffic to exit the faster ISP interface?

Also, How would I configure the scenario you suggest? Would this be with policy based forwarding?  "When you NAT the traffic inbound you will need to make the packets look  like the original source was the LAN interface of the VR that processed  the packet. The Server will basically see traffic from only 2 IP  addresses so it will respond to the correct ISP. I have not tried this  but it should be possible."

Again thank you for the insight and if there is documentation for me to read and configure. I'm happy to read it. I am still new with PAN firewalls, so I might not know what the correct procedures are, but I'm willing to put the time in to learn.

L1 Bithead

this is very easy , we have done this even with three ISPs not just two, all you have to do is to apply policy based routing on the internet router Smiley Happy.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!