configuring Multiple Internet Gateways using PIX Firewall

meensun · ‎01-11-2005

I have a requirement of providing Internet access to INSIDE users based on groups using a PIX firewall with multiple Zones connecting to 3 Internet uplinks ( different modes like 1 Leased Line, 1 ADSL & 1 ISDN ) as shown in the enclosed slide.

Can somebody suggest me the configuration to be done in PIX firewall for accomodating this multiple Internet gateways or any workaround solution to suit my requirement.

Thnking you in advance

Sundar

erickflamenco · ‎01-11-2005

group1 let's say 172.16.10.0 can leave interface 0

nat (inside) 1 172.16.10.0 255.255.255.0

global (outside) 1 interface

group2 172.16.20.0 can leave interface 2

nat (inside) 2 172.16.20.0 255.255.255.0

global (dmz1) 2 interface

group3 172.16.30.0 can leave interface 3

nat (inside) 3 172.16.30.0 255.255.255.0

global (dmz2) 3 interface

Erick

sachin · ‎01-11-2005

It is not possible to do on PIX. As you can have single default gateway on PIX so your entire internet traffic will always go with single link only.

You need to have Router for this.

HTH ,

Sachin Jain

sachin · ‎01-12-2005

Please refer the below link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a0080094874.shtml

and go to the question---

Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?

HTH,

Sachin Jain

erickflamenco · ‎01-12-2005

As you could see in the diagram, the guy is using three diferent interfaces, one for each ISP.

If he has problem with not so independent network segments to route the source traffic, he can use access-lists instead well defined networks on nat command.

Erick

jason.aarons · ‎01-12-2005

Focus on delivering it to your outside interface, then have a router select circuit based upon policy based routing.