networking-forum.com

All times are UTC - 6 hours [ DST ]



Posted: Thu May 03, 2012 9:44 am
New Member

Joined: Thu May 03, 2012 9:19 am
Posts: 5
Certs: A box of OS and Server certs, no Cisco certs
Hey guys, I have a job with a budget-limited client who has three Cisco RV042 dual-WAN routers. They had hoped to establish rather seamless *inbound* service, which doesn't seem to be the real purpose for these units; they appear to be designed for bandwidth aggregation and/or rather seamless *outbound* service. This client is not going to be able to afford a decent router using BGP, which would be the right solution as far as my uncertified total amateur with Cisco experience suggests to me. If I'm wrong, please correct me.

Since they have three of these routers, and three broadband connections (two different 5 IP blocks at one ISP, one 5 IP block at a second ISP) I am toying with the idea of using one router per broadband, and configuring each router for One-to-One NAT, dispensing with the dual-WAN redundancy feature.

Each router will come from a different public subnet, yet have a one-to-one NAT to the *same* internal server, for instance:

Router 1 - 74.92.X.X ---> NAT ---> 192.168.1.100

Router 2 - 67.78.X.X ---> NAT ---> 192.168.1.100

Router 3 - 97.76.X.X ---> NAT ---> 192.168.1.100

The routers will be configured on the same subnet internally. 192.168.1.1, 192.168.1.2, and 192.168.1.3 respectively. I'll use weighted multiple default gateways on the server's IP configuration, to establish their default and failover gateways.

My question is, does configuring multiple routers for one-to-one NAT to the *same* server cause any conflict or failure? You know, of the "sorry bub that private interface is already sucked up by router 1 and I can't do this" nature?


Posted: Thu May 03, 2012 11:10 am
Post Whore

Joined: Tue Aug 21, 2007 2:15 pm
Posts: 8303
Location: Frederick MD
Certs: Instanity
Inbound I don't think so; outbound yes, a problem. If a packet comes in R3 to server 192.168.1.100, how does it know how to get back out router 3? If your default gateway is R1, you can create an asymmetrical routing issue and the firewall might drop the traffic due to not seeing an established session.

Btw, which blog are you referring to?

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw


Posted: Fri May 04, 2012 1:24 pm
New Member

Joined: Thu May 03, 2012 9:19 am
Posts: 5
Certs: A box of OS and Server certs, no Cisco certs
Thank you for your reply! The requirement for packets to always leave the way they came in isn't important, but rather I just wonder if the routers may conflict with one another, if all have a one-to-one NAT to the same private network adapter. Understand that I have basic knowledge only, and I realize that NAT doesn't involve ports and such so there is no "port conflict" danger as if I configured two applications to both use port 80 or something.

I just want to ensure with experts that some similar sort of conflict won't happen among the routers, if I tell them to all NAT to the same internal IP address.

As a consequence of the way the applications work, the inbound traffic will always come in the default gateway, which is configured with a metric of 100 on the server. Should that gateway fail (router1) as a consequence of the ISP failing, traffic will start leaving the secondary gateway (router2), which is configured as a secondary default gateway with a metric of 200, on the server.

When the remote applications detect a failure to communicate on the primary public IP (geographical and weather monitoring equipment) they know to start transmitting to the second router's public IP. The server only has one effective NIC (actually two physical NICs that are bonded) and all the routers are on the same subnet internally.


Posted: Fri May 04, 2012 2:09 pm
Post Whore

Joined: Tue Aug 21, 2007 2:15 pm
Posts: 8303
Location: Frederick MD
Certs: Instanity
If you are using the circuits in failover, as one at a time, I don't think it would be a problem; some packets will drop in failover... but that would happen anyway.

Posted: Sat May 05, 2012 10:24 am
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
Not a blog post. Moved to Cisco Routing and Switching.

_________________
blog.brokennetwork.ca


Posted: Sat May 05, 2012 10:34 am
Ultimate Member

Joined: Thu Jan 13, 2011 5:10 pm
Posts: 985
Location: Leeds, UK
Certs: CCIE R&S #38338, CCNP, CCIP
You may not be bothered about asymmetric routing; however, it will create issues, as you can't send one packet to one IP and get an ACK back from another, as that's not the way TCP is designed.


Sent from my iPhone using Tapatalk

_________________
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera


Posted: Sat May 05, 2012 11:15 am
Ultimate Member

Joined: Wed Sep 01, 2010 3:37 pm
Posts: 907
Location: Las Vegas, NV
Certs: Sec+, MCSE, MCITP:EA, CCNP
To expand on what David said.

A connection comes into IP 67.78.X.X. It is forwarded to the server. Now the server goes to send it out, and it goes out from your first router. Now the client is getting a reply from 74.92.X.X. The client will drop the reply because it is expecting the reply to come from the same IP it communicated with.

-Otanx
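
The reply path discussed in this thread, as an added example that is not part of any poster's message: a small Python model of three one-to-one NAT routers in front of one server that has weighted default gateways. The public addresses are constructed placeholders for the masked ones, the third metric (300) is assumed, and the server is assumed to detect a dead gateway.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Router:
    name: str
    public_ip: str  # constructed placeholder; the thread masks the real addresses
    metric: int     # metric of this router as a default gateway on the server
    up: bool = True

ROUTERS = [
    Router("R1", "203.0.113.10", 100),
    Router("R2", "198.51.100.10", 200),
    Router("R3", "192.0.2.10", 300),  # third metric is assumed
]

def trace(routers, entry_name):
    """Follow one request in through entry_name and its reply back out.
    Returns (exit_router, source_ip_seen_by_client, client_accepts)."""
    entry = next(r for r in routers if r.name == entry_name)
    live = [r for r in routers if r.up]
    if not entry.up or not live:
        return (None, None, False)
    # Inbound: the entry router rewrites its public IP to 192.168.1.100.
    # Each router keeps its own mapping, so three mappings to one server
    # do not collide with each other.
    # Outbound: the server picks its lowest-metric live gateway, whichever
    # router delivered the request (dead-gateway detection is assumed).
    exit_router = min(live, key=lambda r: r.metric)
    # The exit router rewrites the source to its own public IP.
    seen = exit_router.public_ip
    # The client only accepts a reply from the address it sent to.
    return (exit_router.name, seen, seen == entry.public_ip)

def scenarios():
    r1_down = [replace(r, up=False) if r.name == "R1" else r for r in ROUTERS]
    return {
        "all up, client targets R1": trace(ROUTERS, "R1"),
        "all up, client targets R2": trace(ROUTERS, "R2"),
        "R1 down, client targets R2": trace(r1_down, "R2"),
        "R1 down, client targets R3": trace(r1_down, "R3"),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label}: {result}")
```

Only the flows that enter through the server's current lowest-metric gateway complete, which matches the one-circuit-at-a-time failover use described earlier in the thread.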


Posted: Mon May 07, 2012 9:41 am
New Member

Joined: Thu May 03, 2012 9:19 am
Posts: 5
Certs: A box of OS and Server certs, no Cisco certs
ristau5741 wrote:
If you are using the circuits in failover, as one at a time, I don't think it would be a problem; some packets will drop in failover... but that would happen anyway.


Thanks, that was what I was thinking. We can tolerate up to five minutes of downtime.


Posted: Mon May 07, 2012 9:43 am
New Member

Joined: Thu May 03, 2012 9:19 am
Posts: 5
Certs: A box of OS and Server certs, no Cisco certs
davidrothera wrote:
You may not be bothered about asymmetric routing; however, it will create issues, as you can't send one packet to one IP and get an ACK back from another, as that's not the way TCP is designed.


I already know that. My question was very specific, and your reply fails to address it. In fact, all but *one* answer fails to reply to the specific question. How odd.


Posted: Mon May 07, 2012 10:00 am
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
Truncheon wrote:
My question is, does configuring multiple routers for one-to-one NAT to the *same* server cause any conflict or failure?


Truncheon wrote:
I already know that. My question was very specific, and your reply fails to address it. In fact, all but *one* answer fails to reply to the specific question. How odd.

What I find odd is when people get all pissy when someone on the Internet offers a bit of free advice related to their problem. Relax, would you?

To answer your question directly, no, no conflict will occur.
