Why cannot I access the online banking in multi-egress scenarios

For the sake of online banking system security, unreachable source IP addresses cannot exist. When performing load balancing, an AR may load balance the traffic for accessing the online banking system to different outbound interfaces using the Hash algorithm. As a result, when IP addresses are translated to different source IP addresses after NAT is implemented on these interfaces, the online banking system will reject the traffic, causing an access failure.
The online banking system of some banks does not support dual-egress access. In this scenario, you can implement load balancing based on source IP addresses to ensure that the incoming and outgoing traffic for accessing the online banking is from a fixed interface.
For example, configure load balancing based on a source IP address.
[Huawei]ip load-balance hash src-ip

Scroll to top