Dual WAN IIS Setup


All Replies

  • P4Colin
    P4Colin Posts: 9

    NAT rules are Virtual Server, but we have tried 1:1 NAT as well with the same result. The "Use Static-Dynamic Route to Control 1-1 NAT Route" box is checked, but we have the same result of the traffic going out the coax WAN with the LTE address when we uncheck this box.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    edited July 2023

    Are you using SYSTEM_DEFAULT_WAN_TRUNK?

    Is VLAN 1001 external, with base port WAN2?

  • P4Colin
    P4Colin Posts: 9

    We are using a user-configured trunk, which we have set up with both members being active or VLAN1001 being passive, without change in behavior.

    VLAN1001 is set up as an external interface with WAN2 being the base port (only set up this way to go through a switch then connect back to the router).

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    edited July 2023

    Have you tried rebooting with IPv4 Policy Route to Overwrite Direct Route disabled? Really only seems to be the only reason.

    I could do a test here with my Zywall 110 on a given port test…works fine

    Can you test LTE on WAN2 without VLAN, or have the switch untag to ZyWALL with LTE tagged?

  • P4Colin
    P4Colin Posts: 9

    Just upgraded to 4.73(AAAA.2) and rebooted, same thing persists.

    VLAN 1001 is tagged on the port going into WAN2.

    It all comes to the policy route with SNAT for using an alternate IP, and I am not able to find a way to bypass this route if traffic came in the LTE connection.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    edited July 2023

    I don't get why you're having a problem. I tested with OPT my main WAN WAN2 with 10.10.10.1

    Have a NAT rule for OPT port 49141 to 80 to LAN2 IP 192.168.138.2 and have a NAT rule for WAN2 for port 49141 to 80 LAN2 IP 192.168.138.2

    With a client on WAN2 10.10.10.2 I can get to my server and from remote IP to OPT can get to my server.

    Even with a routing rule LAN2 next hop OPT

  • EdC
    EdC Posts: 9

    Sorry to bring this up again, but I have the exact same problem. Re-configured everything to look just like said above and no luck. All works well through the primary connection (WAN1) when it comes in from WAN1, but when it comes in from WAN2 it goes back out WAN1… If I physically pull the WAN1 Ethernet from the USG 200 FLEX, it does fail over to WAN2 (for everything) and now, obviously, inbound from WAN2 works fine. Please note that WAN1 and WAN2 are different carriers and my Exchange Server has two different IP addresses - one on each ISP…

    Any help would be greatly appreciated as I would like this to be active/active instead of active/passive…

  • P4Colin
    P4Colin Posts: 9

    Unfortunately we were never able to find a solution here, even in an active/active state on the trunk like you are stating. I wish I had a better answer.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    edited June 21

    All works well through the primary connection (WAN1) when it comes in from WAN1, but when it comes in from WAN2 it goes back out WAN1… If I physically pull the WAN1 Ethernet from the USG 200 FLEX, it does fail over to WAN2

    Yes, because ARP fails to fail over to WAN2, so make this routing rule the top rule

    incoming LAN1 of the server

    show advanced

    source port like 80

    next hop WAN1

    Disable policy route automatically while Interface link down
    Enable Connectivity Check like 1.1.1.1 for every 5sec

    next rule

    incoming LAN1 of the server

    show advanced

    source port like 80

    next hop WAN2
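
A simplified model of the two policy routes described in the post above, added here as an illustration and not taken from the thread or from Zyxel firmware. It assumes rules are evaluated top-down with the first enabled match winning; the class, function names and link states are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class PolicyRoute:
    incoming: str               # ingress interface of the packet, e.g. "LAN1"
    source_port: int            # source port of the server's reply traffic
    next_hop: str               # WAN interface used as next hop
    auto_disable: bool = False  # "Disable policy route automatically while Interface link down"

def pick_next_hop(rules, incoming, source_port, healthy):
    """Return the next hop of the first enabled matching rule, or None.

    healthy maps interface name -> True when the link is up and the
    connectivity check passes (constructed state, not read from a device).
    """
    for rule in rules:
        if rule.incoming != incoming or rule.source_port != source_port:
            continue
        if rule.auto_disable and not healthy.get(rule.next_hop, False):
            continue  # rule is skipped while its next-hop interface is down
        return rule.next_hop
    return None  # no policy route matched; other routing decides

# The two rules from the post, top rule first (assumed model of the settings).
RULES = [
    PolicyRoute("LAN1", 80, "WAN1", auto_disable=True),
    PolicyRoute("LAN1", 80, "WAN2"),
]

def demo():
    both_up = pick_next_hop(RULES, "LAN1", 80, {"WAN1": True, "WAN2": True})
    wan1_down = pick_next_hop(RULES, "LAN1", 80, {"WAN1": False, "WAN2": True})
    other_port = pick_next_hop(RULES, "LAN1", 25, {"WAN1": True, "WAN2": True})
    return both_up, wan1_down, other_port

if __name__ == "__main__":
    print(demo())
```

In this model, traffic from a source port that no rule lists (25 here) matches neither policy route and is left to the rest of the routing configuration.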

  • EdC
    EdC Posts: 9

    If I am doing SMTP — would I change 80 to 25? Or have a group of both?
