Dual ISP, failover NAT rules?



  • Hi,
    We have a Juniper SSG 140 firewall with two ISPs connected for redundancy.

    When one ISP fails, all outbound traffic passes through the other ISP using a second gateway with lower preference.

    set route 0.0.0.0/0 interface ethernet0/5 gateway XXX preference 30

    We also have an internal VPN box behind the firewall that uses a MIP for NAT translation. Since the MIP is two-way and bound to the interface, we are unsure of the best way to change this rule and offer redundancy for inbound traffic to this VPN box.

    So we would be publishing one internal IP on two public IP addresses on the Juniper. Is this possible?

    I’ve read lots of forum posts about removing the MIP and using source and destination NAT and apparently it should … but I’m still not sure of the specifics.

    Would anyone be able to point me in the right direction on how to accomplish this?

    Thanks!




 
