We have two ISPs each providing a separate 27-bit address allocation. We then subnet the 27-bit network into 2 separate 28-bit networks. For each ISP, one 28-bit network is bound to our DMZ network, whilst the other 28-bit network is for WAN connectivity. We have two Nokia (Checkpoint) firewalls, each configured with a WAN interface in one 28-bit network, another interface configured in the other 28-bit network, and a third interface configured for our LAN.
In our DMZ we have a webserver with dual NICs. Each NIC is bound to one of the 28-bit networks on each firewall.
The problem is that currently all of our DNS records point to the IP addresses supplied by ISP2 (there is no DNS round-robin load balancing taking place). If someone visits the server via the DNS name (ISP2) everything works perfectly; however, if you try to access the server via an IP address from ISP1 you get no response.
This is because the default GW of the servers is FW2, so all public internet traffic is routed via FW2 even if it came in via FW1. If I change the routing on the webserver so that FW1 is the GW everything works as you expect, except it takes the server out of service for users coming in from ISP2.
My question is: does anyone know if there is a way to make a Windows machine respond ONLY via the interface on which it receives a request? This would allow me to configure identical (mirrored) routing configurations on both servers, so that the system would decide which route to choose based on the interface on which it received the packet.
I know this is not an ideal situation in the first place, but I need to maintain 2 ISPs and two public IP addresses (one from each ISP) on each server. Other suggestions on how to achieve this would also be welcomed. I have not ruled out the idea of throwing extra kit at this to make it fly (proxy boxes/load balancers etc.).
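The asymmetric-routing fault described above, as an added model that is not part of the original post: a dual-NIC server whose only default route points at FW2, versus a reply policy that sends each response back out the NIC the request arrived on. Addresses are constructed documentation ranges standing in for the two ISP /28 DMZ subnets, and the firewalls are modelled as stateful devices that drop replies for flows they never saw inbound (the post does not say which check on FW2 drops the traffic, so that is an assumption).

```python
from ipaddress import ip_address, ip_network

# Constructed DMZ subnets: NIC1 sits in ISP1's /28 behind FW1, NIC2 in ISP2's /28 behind FW2.
DMZ = {"nic1": ip_network("198.51.100.0/28"), "nic2": ip_network("203.0.113.0/28")}
FW_FOR_NIC = {"nic1": "FW1", "nic2": "FW2"}


class StatefulFirewall:
    """Assumption: a firewall forwards a reply only for a flow it saw arrive inbound."""

    def __init__(self, name):
        self.name = name
        self.flows = set()

    def inbound(self, client_ip, server_ip):
        self.flows.add((client_ip, server_ip))

    def outbound(self, server_ip, client_ip):
        # A reply with no matching inbound state is dropped (returns False).
        return (client_ip, server_ip) in self.flows


def ingress_nic(server_ip):
    """The NIC a request lands on is fixed by the public address the client used."""
    return next(nic for nic, net in DMZ.items() if ip_address(server_ip) in net)


def reply_path(server_ip, policy):
    """Which firewall the server hands the reply to under a given routing policy."""
    if policy == "default_gw":      # one default route: every reply goes to FW2
        return "FW2"
    if policy == "per_interface":   # reply leaves via the NIC the request arrived on
        return FW_FOR_NIC[ingress_nic(server_ip)]
    raise ValueError(f"unknown policy {policy!r}")


def simulate(server_ip, client_ip, policy):
    """Return True if the client gets a response for one request/reply exchange."""
    fws = {name: StatefulFirewall(name) for name in ("FW1", "FW2")}
    fws[FW_FOR_NIC[ingress_nic(server_ip)]].inbound(client_ip, server_ip)
    return fws[reply_path(server_ip, policy)].outbound(server_ip, client_ip)


if __name__ == "__main__":
    client = "192.0.2.7"  # constructed Internet client address
    for policy in ("default_gw", "per_interface"):
        for server in ("198.51.100.10", "203.0.113.10"):
            print(f"{policy:14} client -> {server}: {'ok' if simulate(server, client, policy) else 'no response'}")
```

With `default_gw` the ISP1 address gets no response because its reply is sent through FW2, which never saw the inbound half of the flow; with `per_interface` both addresses answer.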