We have a pix receiving two ip transit feeds from two isps on different interfaces. The default gateway for the outbound traffic is thru the preferred ISP, but causes problems receiving traffic from the alternative ISP and blocks traffic due to the default route being different to the original source. The problem goes if I disable ip spoof checking on the 2ndary interface, but I guess this increases the potential compromise risk. Any advice on how to get round this problem?