Hi Everyone,
I have two ERLs in HA (topo in the picture). Both uplinks are configured with public IPs and I use NAT on both routers. This config works well. When I configure the WAN failover feature and disconnect interface pppoe0 on R1, the communication takes the right path (red line). I can ping and traceroute public servers and even open port 80/tcp, but I can't open web pages or set up a VPN tunnel. It seems that WAN failover works correctly (I mean routing) but something is blocking the communication. I've disabled all ACLs, and NAT seems to work fine. Any ideas? Thanks a lot.
set protocols static table 2 route 0.0.0.0/0 next-hop 192.168.11.50
set load-balance group WLB interface pppoe0 route default
set load-balance group WLB interface pppoe0 route-test type ping target 8.8.8.8
set load-balance group WLB interface eth1 route table 2
set load-balance group WLB interface eth1 failover-only
set firewall group network-group PRIVATE_IPs network 192.168.0.0/16
set firewall group network-group PRIVATE_IPs network 172.16.0.0/12
set firewall group network-group PRIVATE_IPs network 10.0.0.0/8
set firewall modify WAN_FAILOVER_in rule 10 destination group network-group PRIVATE_IPs
set firewall modify WAN_FAILOVER_in rule 10 action modify
set firewall modify WAN_FAILOVER_in rule 10 modify table main
set firewall modify WAN_FAILOVER_in rule 20 action modify
set firewall modify WAN_FAILOVER_in rule 20 modify lb-group WLB
set interfaces ethernet eth0 vif 30 firewall in modify WAN_FAILOVER_in
set interfaces ethernet eth0 vif 80 firewall in modify WAN_FAILOVER_in
set interfaces ethernet eth0 vif 90 firewall in modify WAN_FAILOVER_in
set interfaces ethernet eth0 vif 100 firewall in modify WAN_FAILOVER_in