Author Topic: Dual ISP, failover NAT rules?  (Read 1158 times)

assd

Dual ISP, failover NAT rules?
« on: October 16, 2015, 05:46:13 pm »
Hi,
We have a Juniper SSG 140 firewall with 2 ISPs connected for redundancy.

When one ISP fails, all outbound traffic passes through the other ISP using a second gateway with lower preference.

set route 0.0.0.0/0 interface ethernet0/5 gateway XXX preference 30



We also have an internal VPN box that is behind the firewall that uses a MIP for NAT translation. Since the MIP is two way and bound to the interface we are unsure on the best way to change this rule and offer redundancy for inbound traffic to this VPN box.

So we would be publishing one internal IP on two public IP addresses on the Juniper. Is this possible?

I've read lots of forum posts about removing the MIP and using source and destination NAT and apparently it should ... but I'm still not sure on the specifics.

Would anyone be able to point me in the right direction on how to accomplish this?

Thanks!

assd

Re: Dual ISP, failover NAT rules?
« Reply #1 on: October 21, 2015, 01:52:36 pm »