
Hi All,

An ISP is configured on a router with 100.1.1.1, say, and we lease a block of IPs from the ISP, 65.65.65.0/24. The circuit is small and gets saturated a lot.

We have a new ISP 200.1.1.1 connected up to the same router. We need to keep the old ISP because of the leased block of IPs.

The router's gateway of last resort is currently 100.1.1.1. If we just changed this to 200.1.1.1, would this mean all outbound traffic goes through 200.1.1.1, our new ISP, including the blocks of leased addresses, and would they route inbound through the smaller tunnel - would that work?



5 Replies

· · ·
Haneesh

It may not be possible unless you have some routing arrangements between your two ISPs.

1
· · ·
bmayer

The problem you'll run into is that your outbound traffic will leave translated to your 200.1.1.1 public IP, so the inbound will be looking for that address again on the way back. What you can do is set up a separate routing table for the static public IP range for lighter traffic and let the rest use the 200.1.1.1. You could also QoS the traffic or set up a load-balancing configuration or separate appliance. You have many options, but setting it up the way you are describing is just going to use one gateway at a time.

0
· · ·
mikelacey

Thanks for getting back to me.

When traffic goes outbound currently, it is natted against our leased IP address of 65.65.65.1 for example, even though it goes out 100.1.1.1, so I'm thinking it would go out of 200.1.1.1 with the return address of 65.65.65.1, and so inbound it would route via the smaller ISP?

I don't know if that would work though?

0
· · ·
Robert5205

If I understand your scenario,

When someone in another network wants to reach 65.65.65.x, it depends on the routing tables to get it there. The routing tables currently believe that 100.1.1.1 is the last hop to get to 65.65.65.x.

If you send traffic out via a different route, it will go. But you will never get a return on that second ISP - as you stated. A related or unrelated packet will appear on the slow ISP on the inbound leg.

The problem is that the outbound and inbound packets won't appear to be part of the same "session." That means things like RDP, VPN, and HTTPS won't work. Neither will a firewall recognize it as a legitimate return. If you were just pinging, an asymmetrical path would be fine. But nothing with session management or encryption will work.

0
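A small model of the routing choice discussed in the replies above, as an added example that is not part of the original thread: it compares a single default route to the new ISP with a separate routing table for the leased block, and reports whether each flow's return path matches its outbound path. The function names, the `NEW_ISP_NAT` address and the simplification that replies follow only the destination prefix are assumptions of this sketch; the other addresses are the thread's.

```python
import ipaddress

LEASED = ipaddress.ip_network("65.65.65.0/24")  # block leased from the old ISP (from the thread)
OLD_ISP, NEW_ISP = "100.1.1.1", "200.1.1.1"     # next hops named in the thread
NEW_ISP_NAT = "200.1.1.2"                       # constructed: our own address on the new ISP link


def in_leased(addr):
    return ipaddress.ip_address(addr) in LEASED


def return_ingress(src_after_nat):
    """Replies are routed by destination: anything addressed to the
    leased block comes back via the old ISP, the rest via the new one."""
    return OLD_ISP if in_leased(src_after_nat) else NEW_ISP


def egress(src_after_nat, policy_routing):
    """Outbound next hop.
    policy_routing=False: one default route pointing at the new ISP.
    policy_routing=True: a separate table sends leased-block sources to the old ISP."""
    if policy_routing and in_leased(src_after_nat):
        return OLD_ISP
    return NEW_ISP


def check_flow(src_after_nat, policy_routing):
    """Describe one flow by its post-NAT source address."""
    out_hop = egress(src_after_nat, policy_routing)
    in_hop = return_ingress(src_after_nat)
    return {"src": src_after_nat, "out": out_hop, "in": in_hop,
            "symmetric": out_hop == in_hop}


def asymmetric_sources(sources, policy_routing):
    """Sources whose replies arrive on a different link than they left on."""
    return [s for s in sources if not check_flow(s, policy_routing)["symmetric"]]


if __name__ == "__main__":
    sources = ["65.65.65.1", "65.65.65.2", NEW_ISP_NAT]  # constructed sample flows
    for policy in (False, True):
        label = "separate table for leased block" if policy else "default route only"
        print(label)
        for src in sources:
            print("  ", check_flow(src, policy))
        print("   asymmetric:", asymmetric_sources(sources, policy))
```
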
· · ·
mikelacey

Thanks, I thought that may be the case. Thinking about it, my firewall has an external IP in the range we have leased, so 65.65.65.2, which then connects to a router at 65.65.65.1 and then forwards out the ISP, so would the firewall not just keep a stateful track on the 65.65.65.1 IP?

0