I need to set up 1:1 NAT on an MX250 so that in the event that my primary WAN uplink fails, inbound traffic will NAT via the secondary WAN uplink.
I have read the below guide that illustrates that a secondary NAT rule can be configured for failover using a different uplink; however, this uses a separate public IP address. In my scenario, the ISP will automatically advertise the /29 public IP address block via uplink Internet 2 (using static routes that are advertised into BGP) in the event that the primary internet connection fails.
Is this possible on the MX? Unfortunately I don't have one available to test this with.
Are you unable to use a Virtual IP in this scenario and just connect WAN 1 port on each MX? This would allow you to leave the NAT rules alone.
Sorry, forgot to mention - I'm only trying to achieve internet resiliency here and not MX appliance resiliency. When the primary internet circuit fails that carries the /29 prefix used for 1:1 NAT, I need that /29 prefix to route to the secondary internet connection, which is possible on the ISP's side, and NAT on the MX.
Essentially I will be duplicating the NAT rules for each uplink, but I don't know if this is possible.
I see two options.
1. Have the ISP terminate the two ISP connections onto a separate switch, and then plug that into the WAN1 on your MX.
2. Have the ISP connect to each WAN port of the MX using a /30 stub. Then route the /29 down one of the links, and in the event of a failure, route it over the other. This approach is going to require you to have an exceptional ISP, so I would go with option 1.
Our ISP has checked and confirmed that option 2 is possible, so that is not the issue. The issue is that I'm not sure if the MX will support the same 1:1 NAT rules via both Internet 1 and Internet 2 interfaces. For example, if my public IP block is 188.8.131.52/29 and public IP 184.108.40.206 NATs to internal 192.168.1.1 via Internet1 during normal operation, then what happens when the ISP detects a failure and routes 220.127.116.11/29 to Internet2? Can I set up the same NAT rules on both WAN uplinks to support this?
I'm pretty sure you'll need to NAT to a different IP for the WAN 2 rule. Can you go for the other option @PhilipDAth presented so this isn't an issue?
Yes, the MX can support having the same NAT on both WAN links. Here is the info on configuring it:
You simply specify Uplink as Both.