Chip_Tesch_1839
Mar 19, 2009 Nimbostratus
LC balancing inbound and outbound static NAT
I have a situation in which I need to link balance two ISP links for several “inside” firewalls. Servers behind the firewalls initiate traffic outbound to the Internet, through the Big-IP Link Controllers. Some of the Internet service providers expect one of the two specific IP addresses (one in each ISP’s address space) in order to accept a service request. I can only define NAT for one of the two ISP addresses – trying to use ISP2’s address, after setting up NAT with ISP1’s address, I get the “duplicate index” error on the inside address (the firewall’s outside address).
The problem with using a static NAT in this scenario, obviously, is that if the Link Controller balances the outbound connection through ISP2’s link, (1) the ISP2 router will not forward an “invalid” source address, and also (2) the return traffic will only ever use ISP1.
Is there a way, perhaps using an iRule, to specify an outbound, destination NAT address to use for a session, after the link balance decision is made, from an address in the selected ISP’s address space?