Hello all,
I have an SRX210 and two ISPs. Here is my scenario:
ISP 1 gives me a single static IP on fe-0/0/7 in subnet A. This is a single IP that exists on that interface.
ISP 2 gives me a static IP on fe-0/0/6 in subnet B. Same as above, single IP that exists directly on that interface.
ISP 1 then routes me a subnet C, which comes to my router on lo0 and is a /28. I use these IPs for my primary outbound traffic, inbound services, etc. I have policies to direct particular devices within my network to set the outbound IP as one of the addresses within subnet C, including my general access. For example, general access uses 1.1.1.1, server 1 uses 1.1.1.2, server 2 uses 1.1.1.3, etc. This allows SSL to work right on inbound traffic, outbound to look like it's the right IP, etc. It also allows me to set up rules at my clients' sites to allow only 1.1.1.1 to access their network, so I can get in when I need to.
What I'd like to do is have the ability to fail over to ISP 2 in the case of ISP 1 failure, for outbound traffic. I know inbound won't work, as I'm working with bottom-tier ISPs who don't offer BGP.
The problem is that since I set my outbound IP directly through a policy, how do I get an entire new policy structure to take effect when ISP 1 is having issues? I have read several articles about how to do dual ISP with failover, but they don't take into account loopback/routed interfaces.
Attached is a small snippet of code that shows how it's set up for the outbound. If I remove the address off the outbound, then all my outbound requests show to the interwebs as the ISP 1 static (2.2.2.2). The way it is, I can direct the IP that external servers/services see.
Thanks!
Sean Garland
Garland Tech
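The configuration below is an added illustration of the setup described in the post, written by the editor; it is not the poster's attached snippet and has not been taken from any Juniper document. It shows the one structural change that makes per-device source NAT survive an ISP switch on an SRX: key the source NAT rule-sets on the egress interface rather than the untrust zone, so the subnet C pools apply only while traffic actually leaves via fe-0/0/7, and a second rule-set hides everything behind the fe-0/0/6 address when the default route moves. RPM plus ip-monitoring moves the route. Only 2.2.2.2, fe-0/0/6, fe-0/0/7 and 1.1.1.1 through 1.1.1.3 come from the post; the ISP2 addresses (3.3.3.x), the gateways, the inside LAN (192.168.10.0/24 with servers at .11 and .12), the probe target 198.51.100.1 and all object names are assumptions chosen for the example.

```junos
# Added example, not the poster's configuration. Assumed values:
#   ISP1: fe-0/0/7.0 = 2.2.2.2/30, gateway 2.2.2.1 (2.2.2.2 is from the post, gateway assumed)
#   ISP2: fe-0/0/6.0 = 3.3.3.2/30, gateway 3.3.3.1 (constructed)
#   subnet C, routed by ISP1 to lo0: 1.1.1.0/28 (1.1.1.1-1.1.1.3 are from the post)
#   inside LAN 192.168.10.0/24, server 1 = .11, server 2 = .12 (constructed)
#   probe target 198.51.100.1 (constructed stand-in for a reliable host beyond ISP1)

set interfaces fe-0/0/7 unit 0 family inet address 2.2.2.2/30
set interfaces fe-0/0/6 unit 0 family inet address 3.3.3.2/30
set interfaces lo0 unit 0 family inet address 1.1.1.1/28
set security zones security-zone untrust interfaces fe-0/0/7.0
set security zones security-zone untrust interfaces fe-0/0/6.0

# Normal default route via ISP1 (static routes carry preference 5 by default)
set routing-options static route 0.0.0.0/0 next-hop 2.2.2.1

# Per-device source addresses taken from subnet C
set security nat source pool isp1-general address 1.1.1.1/32
set security nat source pool isp1-server1 address 1.1.1.2/32
set security nat source pool isp1-server2 address 1.1.1.3/32

# Rule-set keyed on the egress INTERFACE, not the zone: it is selected only while the
# active default route points out fe-0/0/7.0. Rules are evaluated in the order
# entered, so the host-specific rules must come before the catch-all.
set security nat source rule-set via-isp1 from zone trust
set security nat source rule-set via-isp1 to interface fe-0/0/7.0
set security nat source rule-set via-isp1 rule server1 match source-address 192.168.10.11/32
set security nat source rule-set via-isp1 rule server1 then source-nat pool isp1-server1
set security nat source rule-set via-isp1 rule server2 match source-address 192.168.10.12/32
set security nat source rule-set via-isp1 rule server2 then source-nat pool isp1-server2
set security nat source rule-set via-isp1 rule general match source-address 192.168.10.0/24
set security nat source rule-set via-isp1 rule general then source-nat pool isp1-general

# Second rule-set for the ISP2 interface. Subnet C is only routed through ISP1, so
# replies to those addresses would never return via ISP2; hide everything behind
# the fe-0/0/6 address instead.
set security nat source rule-set via-isp2 from zone trust
set security nat source rule-set via-isp2 to interface fe-0/0/6.0
set security nat source rule-set via-isp2 rule all match source-address 192.168.10.0/24
set security nat source rule-set via-isp2 rule all then source-nat interface

# RPM probe forced out the ISP1 interface and gateway. When three probes in a row
# fail, ip-monitoring injects a default route via ISP2 with preference 1, which
# beats the static route; it withdraws that route again when the probe recovers.
set services rpm probe isp1-health test ping-isp1 probe-type icmp-ping
set services rpm probe isp1-health test ping-isp1 target address 198.51.100.1
set services rpm probe isp1-health test ping-isp1 probe-count 3
set services rpm probe isp1-health test ping-isp1 probe-interval 5
set services rpm probe isp1-health test ping-isp1 test-interval 5
set services rpm probe isp1-health test ping-isp1 thresholds successive-loss 3
set services rpm probe isp1-health test ping-isp1 destination-interface fe-0/0/7.0
set services rpm probe isp1-health test ping-isp1 next-hop 2.2.2.1
set services ip-monitoring policy isp1-failover match rpm-probe isp1-health
set services ip-monitoring policy isp1-failover then preferred-route route 0.0.0.0/0 next-hop 3.3.3.1
```

Two points worth checking after committing this. First, `show services ip-monitoring status` reports whether the probe is passing and whether the preferred route is currently injected, and `show security nat source rule all` shows the hit counters, so a failover test should show the `via-isp2` counters climbing and `via-isp1` standing still. Second, sessions that were built while ISP1 was up keep their old translation until they time out or the client reconnects; the interface-based rule-set only governs new sessions, so long-lived connections from the servers will drop and re-establish on the ISP2 address rather than migrate. As the post already notes, nothing here makes inbound services on subnet C reachable through ISP2.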