asa
just joined
Topic Author
Posts: 22
Joined: Tue Jul 02, 2013 11:38 am

VRRP and dstnat

Sun Aug 11, 2013 8:15 pm

Hello
I've successfully configured VRRP+OSPF with two RB2011UAS and everything works brilliantly for connections from my network. But I have trouble with incoming connections when both routers are working.

My config:
Virtual GW IP: 192.168.88.1
RB1 IP(master VRRP): 192.168.88.2
RB2 IP(backup VRRP): 192.168.88.3
Server IP: 192.168.88.210

I've set dstnat rules to the Server from WAN on both RBs. If a connection is initiated through RB1 it works, but when it starts through RB2 I get a situation where RB2 sends the SYN packet directly to the Server (because 192.168.88.0/24 is a connected route for RB2) but the Server sends the SYN+ACK packet through RB1 (which owns 192.168.88.1 as master VRRP) and the connection terminates.

How can I configure routers to handle incoming connections correctly?
 
odge
Member Candidate
Posts: 102
Joined: Mon Nov 29, 2010 2:53 pm

Re: VRRP and dstnat

Mon Sep 02, 2013 2:45 pm

Did you come right with this?

We have a public VRRP and private VRRP, but our uplink is not sending packets to a different address block for routing. If MTA doesn't hold the Public VRRP address, shouldn't it be forwarding it to the other MTB, which can then handle the inside and outside NAT... but no luck on this. If primary MT receives the packet, it doesn't reach MTB via forwarding.
 
odge
Member Candidate
Posts: 102
Joined: Mon Nov 29, 2010 2:53 pm

Re: VRRP and dstnat

Thu Oct 10, 2013 10:08 am

You need to control which MT is going to receive the connection. So if you can, use BGP, then tell your ISP which is the right MT. If you can't control which MT gets the incoming connection, then don't use VRRP, or you'll have to masquerade to your internal network (so that the server thinks the connection is coming from the internal IP of the MT).
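
The masquerade approach suggested in the last reply, written out as an added RouterOS sketch (not configuration posted by anyone in the thread). The addresses come from the first post; the WAN interface name `ether1-gateway` and TCP port 80 are assumptions.

```routeros
# Added example. Assumptions: WAN interface is ether1-gateway, forwarded service is TCP/80.
# Each router rewrites the source of forwarded WAN connections to its OWN LAN address
# (not the VRRP virtual address 192.168.88.1), so the server's SYN+ACK returns to the
# router that holds the connection-tracking entry instead of to the VRRP master.

# ---------- RB1 (LAN address 192.168.88.2) ----------
/ip firewall nat
add chain=dstnat in-interface=ether1-gateway protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.88.210 to-ports=80 \
    comment="WAN -> server"
# srcnat runs after dstnat, so dst-address here is already the server's address.
# src-address=!192.168.88.0/24 leaves connections from LAN hosts untouched.
add chain=srcnat protocol=tcp dst-address=192.168.88.210 dst-port=80 \
    src-address=!192.168.88.0/24 \
    action=src-nat to-addresses=192.168.88.2 \
    comment="replies for forwarded connections come back to RB1"

# ---------- RB2 (LAN address 192.168.88.3) ----------
/ip firewall nat
add chain=dstnat in-interface=ether1-gateway protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.88.210 to-ports=80 \
    comment="WAN -> server"
add chain=srcnat protocol=tcp dst-address=192.168.88.210 dst-port=80 \
    src-address=!192.168.88.0/24 \
    action=src-nat to-addresses=192.168.88.3 \
    comment="replies for forwarded connections come back to RB2"
```

With this in place the server sees every WAN client as 192.168.88.2 or 192.168.88.3, so its access logs and any IP-based access controls no longer reflect the real client address; that information exists only on the routers.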
