Inbound Traffic

Hi,

Two ISPs with 2 subnets (with different bandwidth). Preferred is ISP 1.

I already have an outbound policy, and this is working fine.

Now I have a webserver 192.168.100.100 which is NATed to an IP which belongs to ISP 1 on the ASA firewall.
So I am not NATing on Peplink.

The problem is, I don't have an inbound policy.

The requirement is: if ISP 1 fails, the inbound traffic should come through ISP 2. Please note that I am not looking for load balancing inbound traffic.

Please help. How can I achieve this?

I can do one-to-one NAT. One problem is I have a preference for ISP; the preference is ISP 1.

If I NAT on Peplink to an IP which belongs to ISP 2, the traffic will always go through the second ISP.

And how can I solve the DNS resolution?

The DNS is hosted at ISP 1.

Please help
Thanks

Background:
Just to make sure my understanding of your set-up is correct:

  • Two routable ISP feeds, with two different “breakout” addresses, say A and B
  • One (Balance?) multi-WAN Peplink router, with A and B being two (of the) WANs. Call it “Router”
  • Outbound rules work - you can direct outgoing traffic to A or B as you see fit. The recipient of traffic through A or B will see the routable A (or B) breakout address as the source.
  • You want the breakout address to be the one used by devices contacting Router
  • A is preferred for incoming access whenever available, B only when A is not
  • You have a DNS name for traffic destined for the above Router, say “router.domain.com”.

Assumption:
You want the traffic addressed to router.domain.com to be sent to A, unless A is down, in which case it should go to B.

Suggested solution:
First of all - this is a DNS challenge (as you point out). You want a DNS resolution for router.domain.com to resolve to A or B as appropriate.

One way to achieve this is for Router to update a dynamic DNS server with its preferred IP address as A whenever A is available, and B if A is not.

Peplink’s Find My Peplink Service will handle it:

  1. Enroll Router in InControl2
  2. On the Device Detail page, activate “Find My Peplink Service”
  3. Provide a name in “Find My Peplink Address” (e.g. “MyRouter”)
  4. That creates a FQDN, “MyRouter.mypep.link”. It will resolve to the IP address Router employs to contact IC2.
  5. Create an outbound policy on Router that prioritizes WAN1 for connections to IC2. Create a new priority rule, the source being “any”, the destination being “peplink.com”, the protocol being UDP and the port 5246. WAN1 as priority 1, WAN2 as priority 2. (If you don’t want the domain check, simply omit that component and require all traffic to UDP port 5246 to go to WAN1 if available, which is what you want anyway)
  6. Create a CNAME record at your DNS server, “router.domain.com CNAME MyRouter.mypep.link.”

That should do it - all access to router.domain.com will resolve to A (if up), and to B (if A is down).

Cheers,

Z
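
One way to check the failover described in the answer above, as an added example that is not part of the original thread: it follows the CNAME chain in dig-style answer lines and reports whether the name currently lands on A or B, plus the TTL of the final A record, which is how long a resolver may keep serving the old address after a switch. The addresses, TTLs and sample answers are constructed placeholders; only `router.domain.com` and `MyRouter.mypep.link` come from the thread.

```python
# Added example; all addresses, TTLs and sample answers below are constructed.
WAN_A = "198.51.100.10"  # placeholder for the ISP 1 (preferred) address
WAN_B = "203.0.113.20"   # placeholder for the ISP 2 (backup) address

SAMPLE_A_UP = """\
router.domain.com.    3600 IN CNAME MyRouter.mypep.link.
MyRouter.mypep.link.  60   IN A     198.51.100.10
"""
SAMPLE_A_DOWN = SAMPLE_A_UP.replace(WAN_A, WAN_B)


def parse_answers(text):
    """Parse dig-style answer lines of the form: NAME TTL IN TYPE RDATA."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if (len(parts) != 5 or not parts[1].isdigit()
                or parts[2] != "IN" or parts[3] not in ("A", "CNAME")):
            continue  # skip blanks, comments and other record types
        name, ttl, _, rtype, rdata = parts
        records[name.lower().rstrip(".")] = (rtype, rdata.lower().rstrip("."), int(ttl))
    return records


def failover_state(text, name, addr_a, addr_b, max_hops=8):
    """Follow the CNAME chain from `name`; return (state, address, a_record_ttl)."""
    records = parse_answers(text)
    current = name.lower().rstrip(".")
    seen = set()
    for _ in range(max_hops):
        if current in seen or current not in records:
            return ("unresolved", None, None)  # CNAME loop or dangling target
        seen.add(current)
        rtype, rdata, ttl = records[current]
        if rtype == "CNAME":
            current = rdata
            continue
        state = {addr_a: "primary", addr_b: "backup"}.get(rdata, "unexpected")
        return (state, rdata, ttl)
    return ("unresolved", None, None)


if __name__ == "__main__":
    for label, sample in (("A up", SAMPLE_A_UP), ("A down", SAMPLE_A_DOWN)):
        print(label, failover_state(sample, "router.domain.com", WAN_A, WAN_B))
```
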