https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589660#M502210 <HTML><HEAD></HEAD><BODY><P>try this link </P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_quick_start09186a00805f725c.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_quick_start09186a00805f725c.html</A></P></BODY></HTML> Thu, 27 Apr 2006 13:15:08 GMT beth-martin 2006-04-27T13:15:08Z https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589659#M502209 <P>Hi, </P><P></P><P>Here's my hardware layout:</P><P></P><P>I've got a Pix 515E UR w/ 6 ports @ ver7.1(2)</P><P></P><P>I've got two T1 connections to the internet.</P><P></P><P>Currently I've got the following interfaces: inside(sec level 100), outside(sec 0)(1st T1), dmz(sec 50) and T1(sec 0)(2nd T1).</P><P></P><P>The inside interface only needs access to dmz and T1.</P><P></P><P>The DMZ has an email server and I would need to restrict it to only using the outside interface to access the internet.</P><P></P><P>I've tried to do this in single context mode with no luck keeping the dmz from just access the outside interface.</P><P></P><P>Here's my question: Is this possible in single context and I'm just missing something or should I go to multiple contexts?</P><P></P><P>Thanks!</P> Fri, 21 Feb 2020 08:51:08 GMT https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589659#M502209 qvoyles 2020-02-21T08:51:08Z https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589660#M502210 <HTML><HEAD></HEAD><BODY><P>try this link </P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_quick_start09186a00805f725c.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_quick_start09186a00805f725c.html</A></P></BODY></HTML> Thu, 27 Apr 2006 13:15:08 GMT https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589660#M502210 beth-martin 2006-04-27T13:15:08Z https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589661#M502211 <HTML><HEAD></HEAD><BODY><P>Why don't you try a "trick"</P><P></P><P>Create PAT for devices on the inside network going towards DMZ and T1 ie.</P><P></P><P>nat (inside) 1 <INSIDE hosts=""></INSIDE></P><P>global (dmz) 1 <ROUTABLE dmz="" ip="" address=""></ROUTABLE></P><P>global (T1) 1 <ROUTABLE ip="" address=""></ROUTABLE></P><P></P><P>Restrict access from inside host to the outside interface by doing PAT using a facke NONROUTABLE address </P><P></P><P>nat (inside) 1 <INSIDE hosts=""></INSIDE></P><P>global (outside) 1 <NON-ROUTABLE ip="" address=""></NON-ROUTABLE></P><P></P><P>As the NATes IP will be nonroutable on the outside interface .. the traffic will fall on a black hole </P><P></P><P>Post it if you find it helps</P><P></P><P></P></BODY></HTML> Thu, 27 Apr 2006 23:24:09 GMT https://community.cisco.com/t5/network-security/pix-multiple-internet-access/m-p/589661#M502211 Fernando_Meza 2006-04-27T23:24:09Z