
Resolve same hostname with multiple public IPs

Hi community,

I haven't found any matching topics even though some of them pointed in the same direction.

We have contracts with 3 ISPs, each of them offering one public IP. Let's call them DSL1, DSL2, DSL3. 

DSL1 & DSL2 = 16 MBit/s, DSL3 = 100 MBit/s.

Now our UTM is named say utm.abcdefg.com resolved by the IP of DSL1. We have a NAT rule telling the devices behind the Firewall to use DSL3 for Web Surfing and DSL1 (since it is the most stable one) for MySQL ODBC connections.

Two weeks ago we had a power blackout which left the DSL1 modem in a powered-off state, resulting in failures on all PCs using MySQL ODBC connections. When I wanted to use VPN from my home to see what's wrong, I naturally didn't reach the UTM by the DSL1 IP. My colleague investigated the case before me and tore the DSL3 line off the firewall. All this was quite a shame for the IT dept. because we weren't able to help properly.

Now, here comes my question: Is it possible - without using reverse proxies or other fancy techniques - to assign more than just the DSL1 IP to the hostname utm.abcdefg.com?

I hope you are able to understand what I just wrote. Any help is very welcome.

Cheers in advance

Tama



This thread was automatically locked due to age.
  • If I understand correctly, the IT dept. couldn't make an SSL VPN connection to the utm.abcdefg.com DNS hostname because that name resolves to the DSL1 IP (which was unavailable at that time)?

  • tama said:
    Now, here comes my question: Is it possible - without using reverse proxies or other fancy techniques - to assign more than just the DSL1 IP to the hostname utm.abcdefg.com?

    Yes, it is possible to have a hostname resolve to more than one IP address - but I suspect that it is not a proper solution for the stated (and inferred) problems.

  • Thank you very much for the replies!

    vilic said:

    If I understand correctly, the IT dept. couldn't make an SSL VPN connection to the utm.abcdefg.com DNS hostname because that name resolves to the DSL1 IP (which was unavailable at that time)?

    Correct, and now I need to have the DNS hostname automatically resolve to the DSL2 or DSL3 interface in case DSL1 is offline.

    teched said:

    Yes, it is possible to have a hostname resolve to more than one IP address - but I suspect that it is not a proper solution for the stated (and inferred) problems.

    Actually, this is exactly what I am looking for :)

  • As teched says, that's probably not a good solution for your stated purpose.  I can see two ways to resolve this:

    1. Free: Have a separate FQDN for each ISP connection and provide the extra configuration files to SSL VPN users.
    2. Convenient: Use a fail-over DNS service that keeps track of when a connection is down and switches resolution to another IP.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
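
Added example, not part of the original thread and not Sophos code: a sketch of the decision logic behind the "fail-over DNS service" option, which probes each uplink from outside the network and switches the record only after repeated failures so that a single lost probe does not flap the hostname. The IPs are constructed documentation addresses, TCP port 443 for the VPN listener is an assumption, and `FailoverSelector` and `tcp_probe` are hypothetical names; publishing the chosen IP as a short-TTL A record is provider-specific and not shown.

```python
import socket

# Constructed sample data: documentation-range IPs stand in for the three
# ISP addresses, listed in order of preference (DSL1 first, as in the thread).
UPLINKS = [("DSL1", "192.0.2.10"), ("DSL2", "198.51.100.10"), ("DSL3", "203.0.113.10")]


def tcp_probe(ip, port=443, timeout=3.0):
    """Return True if a TCP handshake to ip:port completes (port is an assumption)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


class FailoverSelector:
    """Pick which uplink IP the shared hostname should resolve to."""

    def __init__(self, uplinks, probe=tcp_probe, fail_threshold=3):
        self.uplinks = list(uplinks)
        self.probe = probe
        self.fail_threshold = fail_threshold
        self.failures = {name: 0 for name, _ in self.uplinks}
        self.active = self.uplinks[0]

    def tick(self):
        """Run one probe round and return the (name, ip) to publish."""
        for name, ip in self.uplinks:
            # A success clears the counter; a failure increments it.
            self.failures[name] = 0 if self.probe(ip) else self.failures[name] + 1
        # An uplink counts as down only after fail_threshold consecutive misses.
        usable = [u for u in self.uplinks if self.failures[u[0]] < self.fail_threshold]
        if usable:
            # Highest-priority usable uplink wins, so DSL1 is restored on recovery.
            self.active = usable[0]
        # If every uplink looks down, keep the current record: the probe host
        # itself may be offline, and changing DNS would not help anyway.
        return self.active
```

Run `tick()` on a schedule from a host outside the office network; a probe from inside the LAN would not see an ISP outage the way a remote VPN client does.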