An ISP is configured on a router with 220.127.116.11, say; we lease a block of IPs from the ISP, 18.104.22.168/24. The circuit is small and gets saturated a lot.
We have a new ISP, 22.214.171.124, connected up to the same router. We need to keep the old ISP because of the leased block of IPs.
The router's gateway of last resort is currently 126.96.36.199. If we just changed this to 188.8.131.52, would this mean all outbound traffic goes through 184.108.40.206, our new ISP, including the blocks of leased addresses, and would they route inbound through the smaller tunnel? Would that work?
It may not be possible unless you have some routing arrangements between your two ISPs.
The problem you'll run into is that your outbound traffic will leave translated to your 220.127.116.11 public IP, so the inbound will be looking for that address again on the way back. What you can do is set up a separate routing table for the static public IP range for lighter traffic and let the rest use the 18.104.22.168. You could also QoS the traffic or set up a load-balancing configuration or separate appliance. You have many options, but setting it up the way you are describing is just going to use one gateway at a time.
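The "separate routing table for the static public IP range" suggested above is, on a Cisco IOS router, policy-based routing plus per-ISP NAT. The configuration below is an added example, not the poster's or the replier's config: it keeps anything sourced from the leased block (65.65.65.0/24, the range named later in the thread) on the old ISP so replies come back the way the Internet already routes them, and sends a client LAN out the new circuit translated to the new ISP's own address. The interface names, the 10.0.0.0/24 client LAN and the next-hop addresses (198.51.100.1 old ISP, 203.0.113.1 new ISP, both documentation ranges) are constructed assumptions.

```cisco
! Added example (constructed addresses, not the poster's network).
! Old ISP: next hop 198.51.100.1 on Gi0/1; the leased 65.65.65.0/24 is routed to us here.
! New ISP: next hop 203.0.113.1 on Gi0/2; the router's own address there is 203.0.113.2.
! Inside: Gi0/0 carries both the leased block (firewall lives there) and a client LAN.

interface GigabitEthernet0/1
 description Old ISP (leased 65.65.65.0/24 is routed here by the Internet)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description New ISP (larger circuit)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0
 description Inside: firewall on the leased block plus the client LAN
 ip address 65.65.65.1 255.255.255.0
 ip address 10.0.0.1 255.255.255.0 secondary
 ip nat inside
 ip policy route-map KEEP-LEASED-ON-OLD-ISP
!
! Gateway of last resort: bulk traffic leaves via the new, larger circuit.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Packets sourced from the leased block must leave through the old ISP,
! because that is the only path on which their replies will return.
! Sending them out the new ISP would create the asymmetric path that
! breaks stateful sessions.
ip access-list extended FROM-LEASED-BLOCK
 permit ip 65.65.65.0 0.0.0.255 any
!
route-map KEEP-LEASED-ON-OLD-ISP permit 10
 match ip address FROM-LEASED-BLOCK
 set ip next-hop 198.51.100.1
! Traffic not matching the route-map is forwarded normally (default route).
!
! The client LAN follows the default route to the new ISP and is translated
! to the new ISP's interface address, so its replies come back on the same
! circuit they left on. Matching on the outgoing interface keeps this NAT
! from ever applying to packets that leave via the old ISP.
ip access-list extended CLIENT-LAN
 permit ip 10.0.0.0 0.0.0.255 any
!
route-map NAT-NEW-ISP permit 10
 match ip address CLIENT-LAN
 match interface GigabitEthernet0/2
!
ip nat inside source route-map NAT-NEW-ISP interface GigabitEthernet0/2 overload
```

To check the split, traceroute from a host in 65.65.65.0/24 and from a host in 10.0.0.0/24: the first hop should be 198.51.100.1 and 203.0.113.1 respectively, and `show ip nat translations` should list only the 10.0.0.0/24 sources. Note that the policy route does not fall back if the old ISP link fails (that would need `set ip next-hop verify-availability` with an IP SLA tracker), and that nothing here makes the leased block reachable through the new ISP; that still needs a routing arrangement between the two providers, as the reply above says.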
Thanks for getting back to me.
When traffic goes outbound currently, it is NATed against our leased IP address of 22.214.171.124, for example, even though it goes out 126.96.36.199. So I'm thinking it would go out of 188.8.131.52 with the return address of 184.108.40.206, and so inbound it would route via the smaller ISP?
I don't know if that would work though?
If I understand your scenario, when someone in another network wants to reach 65.65.65.x, it depends on the routing tables to get it there. The routing tables currently believe that 220.127.116.11 is the last hop to get to 65.65.65.x.
If you send traffic out via a different route, it will go. But you will never get a return on that second ISP, as you stated. A related or unrelated packet will appear on the slow ISP on the inbound leg.
The problem is that the outbound and inbound packets won't appear to be part of the same "session." That means things like RDP, VPN, and HTTPS won't work. Neither will a firewall recognize it as a legitimate return. If you were just pinging, an asymmetrical path would be fine. But nothing with session management or encryption will work.
Thanks, I thought that may be the case. Thinking about it, my firewall has an external IP in the range we have leased, so 18.104.22.168, which then connects to a router at 22.214.171.124 and then forwards out the ISP, so would the firewall not just keep a stateful track on the 126.96.36.199 IP?