<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic 2 ISP Connections in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/2-isp-connections/m-p/716026#M1005803</link>
    <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am after configuring 2 ISP connections on my perimeter router; the connection from ISP A is to be dedicated for regular users internet access and for some servers' inbound access. On the other hand, connection from ISP B is dedicated for VIP users internet access and for VIP servers' inbound access. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a PIX FW running ver 6.3 behind the router. Now, as you know each ISP is giving a different public address range so what is the best configuration to control the traffic in the way I need?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have already tried to configure 2 connections b/ the router and the PIX, each is having the public range from different ISP, but since the PIX doesn't do source-based routing as in the router so I faced problems because always the traffic is routed to the default route which is in my case ISP A!!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am thinking of configuring NATing for traffic intended for ISP B on the router itself on a loopback interface in the following manner: &lt;/P&gt;&lt;P&gt;- there is only one link b/ the router and the PIX which has ISP A public address&lt;/P&gt;&lt;P&gt;- A loopback on the router has ISP B public range.&lt;/P&gt;&lt;P&gt;- All the servers are on the same DMZ on the PIX&lt;/P&gt;&lt;P&gt;- Servers intended on ISP A will be NATed normally on the PIX itself&lt;/P&gt;&lt;P&gt;- Servers and traffic intended for ISP B will be NATed 1st on the PIX and then on the router's loopback interface. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Please give me your recommendations and advise whether there are other scenarios for achieving what I am after or whether there is a way to achieve this on the PIX.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Haitham&lt;/P&gt;</description>
    <pubDate>Mon, 11 Mar 2019 10:06:10 GMT</pubDate>
    <dc:creator>haithamnofal</dc:creator>
    <dc:date>2019-03-11T10:06:10Z</dc:date>
    <item>
      <title>2 ISP Connections</title>
      <link>https://community.cisco.com/t5/network-security/2-isp-connections/m-p/716026#M1005803</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am after configuring 2 ISP connections on my perimeter router; the connection from ISP A is to be dedicated for regular users internet access and for some servers' inbound access. On the other hand, connection from ISP B is dedicated for VIP users internet access and for VIP servers' inbound access. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a PIX FW running ver 6.3 behind the router. Now, as you know each ISP is giving a different public address range so what is the best configuration to control the traffic in the way I need?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have already tried to configure 2 connections b/ the router and the PIX, each is having the public range from different ISP, but since the PIX doesn't do source-based routing as in the router so I faced problems because always the traffic is routed to the default route which is in my case ISP A!!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am thinking of configuring NATing for traffic intended for ISP B on the router itself on a loopback interface in the following manner: &lt;/P&gt;&lt;P&gt;- there is only one link b/ the router and the PIX which has ISP A public address&lt;/P&gt;&lt;P&gt;- A loopback on the router has ISP B public range.&lt;/P&gt;&lt;P&gt;- All the servers are on the same DMZ on the PIX&lt;/P&gt;&lt;P&gt;- Servers intended on ISP A will be NATed normally on the PIX itself&lt;/P&gt;&lt;P&gt;- Servers and traffic intended for ISP B will be NATed 1st on the PIX and then on the router's loopback interface. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Please give me your recommendations and advise whether there are other scenarios for achieving what I am after or whether there is a way to achieve this on the PIX.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Haitham&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 10:06:10 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/2-isp-connections/m-p/716026#M1005803</guid>
      <dc:creator>haithamnofal</dc:creator>
      <dc:date>2019-03-11T10:06:10Z</dc:date>
    </item>
    <item>
      <title>Re: 2 ISP Connections</title>
      <link>https://community.cisco.com/t5/network-security/2-isp-connections/m-p/716027#M1005804</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi, &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I got what I want through the following; I just wanted to tell you how in case you needed to implement something similar in the future. Basically, do the following: &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1- leave the connection between the PIX and the router to have the public range provided by ISP A &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2- Place the server you want it to have public IP from ISP B range on the PIX DMZ where you have your public servers &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;3- Do static NAT for the server which needs to be accessible on ISP B's IP to have a public IP from ISP B range. While the rest of the servers will be NATted on ISP A address range. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;4- Configure a route on the perimeter router for the ISP B public range to be routable through the PIX outside interface (which is part of ISP A public range). &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you have any questions, please don't hesitate to contact me. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards, &lt;/P&gt;&lt;P&gt;Haitham &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 30 Apr 2007 17:31:41 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/2-isp-connections/m-p/716027#M1005804</guid>
      <dc:creator>haithamnofal</dc:creator>
      <dc:date>2007-04-30T17:31:41Z</dc:date>
    </item>
  </channel>
</rss>

