Can I use two public ip addresses on a single pix outside interface?

b-miner · ‎05-03-2005

Example

global (outside) 1 114.33.100.190

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

global (outside) 2 116.62.42.65

nat (inside) 2 0.0.0.0 0.0.0.0 0 0

Will this work? I have two T1's from separate ISP's. I'd like to load balance outbound per destination at least and have the hosted DNS from ISP 1 do round robin to the other ISP address. The 3640 has 2 fe interfaces each configured with one of the ISP's respective assigned ranges. (Different from the S0/0 and S0/1.

gfullage · ‎05-03-2005

You can certainly NAT internal traffic to two different external IP addresses, as long as both of those addresses get routed back to you from the Internet.

What you can't do is is have:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 2 0.0.0.0 0.0.0.0 0 0

like you have. You need to specifically define what internal traffic is going to be NAT'd to what external IP address. Having two "nat 0 0" like you have, the PIX will only use one of them and you won't get any load-sharing.

A poor-man's way of load-sharing is to have all odd internal IP addresses NAT'd to one external address, and all even IP addresses NAT'd to the other. The following will accomplish this for you:

global (outside) 1 114.33.100.190

nat (inside) 1 0.0.0.1 0.0.0.1 0 0

global (outside) 2 116.62.42.65

nat (inside) 2 0.0.0.0 0.0.0.1 0 0