Re: Multiple ISP's connected to PIX

nkariyawasam · ‎07-30-2002

I want to connect multiple ISP's (three) connected to PIX outside interface for differenciated service.

These ISP's will gice me three different blocks of IP addresses.

I can do NAT with three different IP pools.

But, how can I create multi-homed network on PIX outside interface ?

That is, can I give multiple ( secondary ) IP address to PIX outside interface ?

edadios · ‎07-30-2002

you can not do this on the pix.

Regards,

nkariyawasam · ‎07-31-2002

Thanks,

Is it possible to connect three ISP's to three differant PIX interfaces ?

Is this a recomended solution ?

jljamison · ‎08-07-2002

First of all I think the killer is that the pix can only have one default route. Thus while your pix will receive traffic on any of 3 interfaces, the traffic back will take one and only one path, which probably won't work. You have to consider the path that inbound packets take from outside to inside servers and then back out the pix to the source.

You would be much better off implementing the multihomed routing on a separate platform, such as a 26xx or 3xxx series router. Additionally, you will have a much easier time if you get an ASN and do BGP, rather than having 3 separate IP address blocks.

IOS software has the following features that the PIX does not, that make multihoming without BGP possible: policy based routing, NAT route-maps, and multiple default routes

nkariyawasam · ‎08-07-2002

Thanks Jamison,

I already have looked at the option of NAT route-maps.

It would be great that if you could give me some referance to the other two options, ie; policy based routing and multiple default routes.