Hi all,
One of my clients has recently moved to another office with two internet connections. One primary and one secondary.
These WAN-connections are setup using Spillover-algorithm under Network > Interface > Trunk, named WAN_TRUNK_DEFAULT.
The goal is to have automatic fail-over to wan2 in case wan1 becomes inactive or is being down.
Is the correct way of determining if a wan-connection is active or not by setting up Connectivity checks, e.g. using ICMP test towards 8.8.8.8 (Google DNS)? I.e. Will this setup trigger an fail-over to wan2 - and how long would that fail-over take?
From the primary internet connection (wan1) the client gets 10 static ip-addresses. These addresses are allocated using static ip address configuration on the interface, e.g. 123.123.123.126/255.255.255.242. All external ip-addresses has an host object, e.g. WAN1_EXT_123-123-123-127 with host address 123.123.123.127.
My client have requested that some of the personnel in the office has another outgoing ip-address, e.g.
John Doe outbound traffic using 123.123.123.127.
Mary Jane Watson outbound traffic using 123.123.123.128.
Default (LAN1) outbound traffic using 123.123.123.126.
I have set up a default Policy Route to utilize WAN_TRUNK_DEFAULT for the default, resulting in outbound traffic via 123.123.123.126.
However, when I create a Policy Route for e.g. John Doe to use Source Network Address Translation (SNAT) with e.g. WAN1_EXT_123-123-123-127 this results in no internet connection. Is this a correct setup or I'm I missing something?
Final;
Let's pretend we get the SNAT going. I.e. some users are going out using their own ip-address. Everyone is happy.
Now; What will happen when wan1 becomes inactive for those users with SNAT?
Here we have a Policy Route telling us that John Doe should be routed via a specific ip-address, belongs to wan1.
When wan2 kicks in; will John Doe is still trying to SNAT using address 123.123.123.127.
Obviously this will fail, but how can John access internet using wan2 without disabling that Policy Route forcing him to use SNAT?
I appreciate all answers.
Thanks in advance.
↧