We have a business partner that sends print jobs to a print server in our network. This business partner can connect to us via our primary and secondary datacenters through an SRX at each location. They cannot route natively to the IP of the printer, so we must use NAT, but they can only input one entry into their software for the printer. In my mind, the following would work, but I don't really see this setup discussed much online. Please let me know if this would be successful, or if I'm missing something:
Printer Native IP = 1.1.1.1
Business Partner sees 2.2.2.2
Business partner routes to 2.2.2.2 over primary link SRX and backup link SRX with appropriate cost/preference.
On both SRXs, we DNAT 2.2.2.2 to 1.1.1.1 on the outside and then source NAT on the inside before the traffic is sent into our internal network to the print server. This way, if the print server needs to respond, it takes the appropriate path to pass through the SRX that did the DNAT.
I don't really see how this would cause any issues since these aren't static NATs.
Any input? I would love to just put the NATs at our core firewalls so they're closest to the end devices, but the print server is not on a subnet that we segregate there.
Any help would be appreciated.
Thanks!
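The design described in the post, written out as Junos set commands to load on each SRX. This is an added example, not part of the original post. The zone names `partner` and `trust`, the rule and pool names, and TCP port 9100 for the print service are assumptions; only 1.1.1.1 and 2.2.2.2 come from the post.

```junos
# Destination NAT: the partner-facing address 2.2.2.2 maps to the real printer address.
set security nat destination pool PRINT-SERVER address 1.1.1.1/32
set security nat destination rule-set FROM-PARTNER from zone partner
set security nat destination rule-set FROM-PARTNER rule PRINT-DNAT match destination-address 2.2.2.2/32
set security nat destination rule-set FROM-PARTNER rule PRINT-DNAT then destination-nat pool PRINT-SERVER

# Source NAT toward the inside: traffic leaves with this SRX's own egress
# interface address, so the print server replies to the SRX that holds the
# session instead of following the default route to the other datacenter.
# The match is on source only; the zone pair limits it to partner traffic.
set security nat source rule-set PARTNER-TO-INSIDE from zone partner
set security nat source rule-set PARTNER-TO-INSIDE to zone trust
set security nat source rule-set PARTNER-TO-INSIDE rule PRINT-SNAT match source-address 0.0.0.0/0
set security nat source rule-set PARTNER-TO-INSIDE rule PRINT-SNAT then source-nat interface

# Security policy: matched after destination NAT, so it references the real
# address 1.1.1.1, not 2.2.2.2. Port 9100 is an assumed value; use the port
# the partner's software actually prints to.
set applications application PARTNER-PRINT protocol tcp
set applications application PARTNER-PRINT destination-port 9100
set security address-book global address PRINT-SERVER 1.1.1.1/32
set security policies from-zone partner to-zone trust policy PARTNER-PRINT match source-address any
set security policies from-zone partner to-zone trust policy PARTNER-PRINT match destination-address PRINT-SERVER
set security policies from-zone partner to-zone trust policy PARTNER-PRINT match application PARTNER-PRINT
set security policies from-zone partner to-zone trust policy PARTNER-PRINT then permit
set security policies from-zone partner to-zone trust policy PARTNER-PRINT then log session-close
```

With source NAT in place the print server logs show the SRX interface address rather than the partner's source, so the `log session-close` entries on each SRX are the record that ties a print job back to the partner host. Replacing `source-address any` with an address-book entry for the partner's range narrows the policy further.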