You are here: Workload protection > Data protection > Establishing a connection across a NAT or firewall

Establishing a connection across a NAT or firewall

If you are in an IPv4 environment and your source and target are on opposite sides of a NAT or firewall, you will need special configurations to accommodate the complex network environment. Additionally, you must have the hardware already in place and know how to configure the hardware ports. If you do not, see the reference manual for your hardware.

In this environment, you must have static mapping where a single, internal IP address is always mapped in a one-to-one correlation to a single, external IP address. Double-Take Availability cannot handle dynamic mappings where a single, internal IP address can be mapped to any one of a group of external IP addresses managed by the router.

Double-Take Availability uses specific ports for communication between the Double-Take Availability servers and Double-Take Availability clients. In order to use Double-Take Availability through a NAT or firewall, you must first verify the current Double-Take Availability port settings so that you can open the correct ports on your hardware to allow Double-Take Availability machines to communicate with each other. By default, Double-Take Availability uses port 6320 for all communications. If you have changed your Double-Take Availability port, you will need to identify what port number is being used. The port setting can be found in the following locations.

Replication Console—From the Replication Console, select File, Options, and the Configuration tab.
Failover Control Center—From the Failover Control Center, select Settings, Communications.
Double-Take Availability server—From the Replication Console, right-click on a server in the tree in the left pane of the Replication Console, select Properties, and the Network tab.

Note:

If you change any of the port settings, you must stop and restart the Double-Take service for the new port setting to take effect.

You need to configure your hardware so that Double-Take Availability traffic is permitted access through the router and directed appropriately. Configure your router identifying each Double-Take Availability server, its IP address, and the Double-Take Availability and router ports. Also, note the following caveats.

Since Double-Take Availability communication occurs bidirectionally, make sure you configure your router for both incoming and outgoing traffic for all of your Double-Take Availability servers and Double-Take Availability clients.
Double-Take Availability failover can use ICMP pings to determine if the source server is online. If you are going to use ICMP pings and a router between the source and target is blocking ICMP traffic, failover monitors cannot be created or used. In this situation, you must configure your router to allow ICMP pings between the source and target.

Since there are many types of hardware on the market, each can be configured differently. See your hardware reference manual for instructions on setting up your particular router.

Manually insert the servers, by selecting Insert, Server. Type the IP address of the router the server is connected to and the port number the server is using for heartbeats.
Once your server is inserted in the Replication Console, use the Connection Manager to establish your connection. When specifying the Route on the Connection Manager Servers tab, you can manually enter the external IP address so traffic is routed appropriately.