Multiple Routers / Single Lan Question

tspotorno
Aspirant

We are moving an app server to a new IP address (switching internet providers and we have both active for 1 week). This poses a problem as the app server is in use 24/7 and we cannot be down to switch the URL of the app server from one external ip address to another.

We have 2 SRX5803 routers:

Original one connected to original external ip address, nat enabled and port forwarding the traffic to the server at 192.168.1.10.

We want to connect 2nd router to new external ip address, and then connect the lans and port forward traffic to the above server at 192.168.1.10.

After we are sure both IPs are responding, we can switch the DNS to the new IP address and slowly watch traffic move to the new IP address with no downtime.

We tried setting the LAN of the 2nd router to 192.168.1.128 and from a PC on the router I can ping router A and router B but not the app server at 192.168.1.10. Nor can any traffic inbound on the new router get to the app server.

We muddled with VLANs and set the new router to 192.168.2.1, added a VLAN on the 1st router with forwarding enabled, hooked up a cable, and again I can ping both routers but not the PC directly.

What is the best method to accomplish this?

Thanks.

Tony

Message 1 of 6
jmizoguchi
Virtuoso

Re: Multiple Routers / Single Lan Question

A DNS change will bring downtime, which is not a huge lag anymore, but it will not be instant either, so you will see downtime anyway. I would not go crazy syncing the two routers.
Message 2 of 6
tspotorno
Aspirant

Re: Multiple Routers / Single Lan Question

An update: we turned off the Windows firewall on the app server and voilà, we can now ping the app server from both routers.

However, port forwarding is not working at all on the 2nd router.

Orig router, lan is 192.168.1.1 255.255.255.0 DHCP on
New router, lan is 192.168.1.128 255.255.255.0 DHCP off

App server is on the orig router, 192.168.1.10, gateway is 192.168.1.1

From the new router, on the diag page, I can ping the app server. Why, then, is it not forwarding any ports to the pc? I have double, triple checked the rule on the new router, and it is set to forward a specific port to 192.168.1.10...

We tried RDP as well and it is not working either.

We almost have this working, just this final step.

Thanks for any assistance.

Tony
Message 3 of 6
jmizoguchi
Virtuoso

Re: Multiple Routers / Single Lan Question

It might be a good idea to test with a 2nd NIC on the server.
Message 4 of 6
mlaing
Aspirant

Re: Multiple Routers / Single Lan Question

This will never work. Here is what is going on: Okay, traffic comes in on the second router. It forwards the traffic on through to the server. The server receives the traffic fine. Okay, now the server needs to send traffic back, so it looks at the IP address and looks at its routing table. Its routing table says that if it needs to reach 0.0.0.0/0 to send the traffic to router 1. Router 1 will probably forward the traffic, but will change the source IP address to its WAN address. So the traffic coming back to the client has a different IP address than who it sent traffic to ---- In turn because of this, the traffic is dropped. Your problem here is that your entry point in the network is different from your exit point (This is always a problem for NAT). The only way I can think of to do what you are wanting to do is to assign multiple IP addresses to a single router. That way all traffic enters and exits the network from the same place.
Message 5 of 6
adit
Mentor

Re: Multiple Routers / Single Lan Question

mlaing wrote:
This will never work. Here is what is going on: Okay, traffic comes in on the second router. It forwards the traffic on through to the server. The server receives the traffic fine. Okay, now the server needs to send traffic back, so it looks at the IP address and looks at its routing table. Its routing table says that if it needs to reach 0.0.0.0/0 to send the traffic to router 1. Router 1 will probably forward the traffic, but will change the source IP address to its WAN address. So the traffic coming back to the client has a different IP address than who it sent traffic to ---- In turn because of this, the traffic is dropped. Your problem here is that your entry point in the network is different from your exit point (This is always a problem for NAT). The only way I can think of to do what you are wanting to do is to assign multiple IP addresses to a single router. That way all traffic enters and exits the network from the same place.
Yes, and if the application works off of DNS, set the TTLs to 1 minute, let it run for a day (or whatever your current TTL is) to wipe out the DNS caches, and then disconnect the old Internet line.
Message 6 of 6
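
The entry-point/exit-point mismatch described in Message 5 of 6, modeled as a small Python simulation (an added example, not part of any post in this thread). The WAN and client addresses are constructed documentation-range values, and `NatRouter` is a hypothetical simplified model of port forwarding with connection tracking, not the actual routers' firmware.

```python
# Constructed RFC 5737 documentation addresses; only 192.168.1.10 comes from the thread.
OLD_WAN, NEW_WAN = "198.51.100.1", "203.0.113.1"
CLIENT = ("192.0.2.50", 40000)
SERVER = ("192.168.1.10", 3389)          # RDP port, as tried in the thread


class NatRouter:
    """Hypothetical, simplified port-forwarding router with connection tracking."""

    def __init__(self, wan_ips):
        self.wan_ips = list(wan_ips)
        self.conntrack = {}              # (server, client) -> WAN endpoint the client dialed

    def inbound(self, src, dst):
        """Port-forward a packet that arrived on one of this router's WAN addresses."""
        if dst[0] not in self.wan_ips:
            raise ValueError("packet not addressed to this router")
        self.conntrack[(SERVER, src)] = dst
        return src, SERVER

    def outbound(self, src, dst):
        """Translate a LAN packet leaving through this router."""
        dialed = self.conntrack.get((src, dst))
        if dialed is not None:
            return dialed, dst           # known flow: restore the address the client dialed
        return (self.wan_ips[0], src[1]), dst   # unknown flow: source NAT to own WAN address


def client_accepts_reply(entry, gateway, wan_ip):
    """True if the reply's source matches the endpoint the client connected to."""
    dialed = (wan_ip, SERVER[1])
    client, server = entry.inbound(CLIENT, dialed)
    # The server has one default gateway, so every reply leaves through `gateway`.
    reply_src, reply_dst = gateway.outbound(server, client)
    return reply_dst == CLIENT and reply_src == dialed


def run_scenarios():
    old, new = NatRouter([OLD_WAN]), NatRouter([NEW_WAN])
    both = NatRouter([OLD_WAN, NEW_WAN])     # one router holding both WAN addresses
    return {
        "old router in, old router out": client_accepts_reply(old, old, OLD_WAN),
        "new router in, old router out": client_accepts_reply(new, old, NEW_WAN),
        "single router, new address": client_accepts_reply(both, both, NEW_WAN),
        "single router, old address": client_accepts_reply(both, both, OLD_WAN),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'reply accepted' if ok else 'reply dropped'}")
```

Only the "new router in, old router out" case fails, because the old router has no connection-tracking entry for the flow and rewrites the reply's source to its own WAN address.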