The short answer is that you can bring things in from anywhere you like, but
the return outbound acknowledgement is going to follow the normal TCP/IP
routing mechanism regardless. Meaning the outbound will always follow the
"Default Path" (Default Gateway) no matter what. The inbound request and
the outbound acknowledgement are two separate things and will always operate
independently.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Ken" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> NOTE: This was originally posted in microsoft.public.inetserver.iis
> newsgroup. It was suggested over there that this might be the more
> appropriate forum. Sorry for the cross-post. I'm hoping I can get an
> answer to my IIS question so I can get on with the build of these
> routers. Thanks in advance for any assistance . . . Ken
>
> Original Post:
>
> I'm trying to set up a low cost automated router failover configuration
> for an IIS6.0 server.
>
> What happens with the traffic when you have an IIS web site configured to
> respond to multiple IP addresses? For example, let's say that the IIS6.0
> server is set up with IP addresses 192.168.10.100 and 192.168.11.100
> (these are NAT'ed addresses from two ISPs' public IP addresses, call them
> ISP10 and ISP11). Let us also assume that all traffic to the web server
> will originate from the public Internet and will go through NAT
> translation to the internal non-routable addresses (ISP10's traffic NAT'ed
> to 192.168.10.100 through Router10 and ISP11's traffic to 192.168.11.100
> through Router11). Furthermore, the default gateway for the web server
> machine is 192.168.10.1 (Router10).
>
> If a request comes in on Router10, it will be NAT'ed to 192.168.10.100.
> The web server will process it and route the response back out through the
> default gateway to 192.168.10.1. This is fine and good (and simple). The
> outbound response will have a source IP address of 192.168.10.100 (before
> the outbound NAT translation).
>
> Now my question is what happens to requests that come in through the 2nd
> ISP's router? They will be NAT'ed to 192.168.11.100 and routed out the
> LAN side interface to be picked up by the web server. When the web server
> responds, the destination address is going to be outside the internal
> network so it is going to be sent out through the interface associated
> with the Gateway address (on Router10), rather than through the originating
> router. What will be the source IP address on the response packets? Will
> it be 192.168.11.100 (consistent with the inbound routing) or will it be
> 192.168.10.100 (consistent with the outbound routing)?
>
> This question comes up because I am trying to set up a pair of Cisco
> routers with Hot Standby Router Protocol (HSRP) to provide automatic backup
> if one or the other fails. Both will be configured with both ISP's public
> addresses on their WAN side (although normally, only one ISP's traffic
> will be handled by each -- both are configured to handle all the traffic
> if its companion fails). Each will NAT its inbound traffic over to one or
> the other of two internal network IP addresses. I will use round robin DNS
> scheduling to load-balance the inbound traffic between the two ISP's.
>
> If the return traffic's source IP is returned as the same as the
> destination of the inbound request, I can set up a Policy-Based Routing
> (PBR) rule on both routers to return the responses back out through the
> originating ISP's public IP addresses (so the returned traffic will have
> the same Source IP address as the inbound traffic's Destination IP address
> which will prevent the browser's Intrusion Detection/Protection system
> from thinking that the addresses have been spoofed). I need the return
> traffic to come back out with the same address as the inbound traffic for
> the PBR to work, though.
>
> Please respond to the newsgroup. Thanks in advance for any responses.
>
>
>
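
Added example, not part of the thread: a small Python model of the scenario in the quoted post, keeping the two decisions the reply calls independent apart (which source address a TCP reply carries, and which next hop the server's routing table picks). The client address 203.0.113.7 is constructed, the `PBR` table stands for the source-based rule proposed in the post, and the function names are hypothetical.

```python
import ipaddress

# Server routing table as described in the post: both internal subnets are
# on-link, and the single default gateway is Router10 (192.168.10.1).
ROUTES = [
    ("192.168.10.0/24", None),
    ("192.168.11.0/24", None),
    ("0.0.0.0/0", "192.168.10.1"),
]

# Source-based rule proposed in the post (assumed form): the router picks the
# egress ISP from the reply's source address, not from its destination.
PBR = {"192.168.10.100": "ISP10", "192.168.11.100": "ISP11"}


def next_hop(dst):
    """Destination-based lookup on the server: longest matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in ROUTES
               if addr in ipaddress.ip_network(net)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw if gw is not None else dst  # on-link: deliver directly


def tcp_reply(inbound):
    """A TCP reply reuses the connection's own address pair, swapped, so its
    source is the address the client connected to, whatever the route."""
    return {"src": inbound["dst"], "dst": inbound["src"]}


def trace(client, server_ip):
    """Follow one request/response pair through both decisions."""
    reply = tcp_reply({"src": client, "dst": server_ip})
    return {
        "reply_src": reply["src"],                    # set by the connection
        "server_next_hop": next_hop(reply["dst"]),    # set by the route table
        "pbr_egress": PBR[reply["src"]],              # set by the router rule
    }


if __name__ == "__main__":
    CLIENT = "203.0.113.7"  # constructed sample client address
    for ip in ("192.168.10.100", "192.168.11.100"):
        print(ip, trace(CLIENT, ip))
```

For a request that arrived on 192.168.11.100, the model shows the reply leaving toward 192.168.10.1 while still carrying 192.168.11.100 as its source, which is the field a source-based rule on the routers would match.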