
PIX 515E, 2 outside gateways: route SMTP to one, HTTP to the other

S.Visser
Level 1

LS,

We just acquired a DSL line next to our leased line. The problem is that we would like to route our HTTP traffic to the new DSL line and maintain SMTP traffic to our leased line.

The PIX was set up with a DMZ, and in the DMZ an ISA server; the clients are authenticated by the ISA before they can use the internet.

The question is:

How can we separate the HTTP traffic and send it to the new gateway? (outside_pixIP, old_gatewayIP and new DSL_gatewayIP are already on the same subnet.)

Should I make use of service groups for separating HTTP from SMTP?

Do I have to add a static route in the system properties?

I am a newbie to PIX firewall config, so I would like to use the HTTP interface.

Steven

3 Replies

nkhawaja
Cisco Employee

How would you achieve this? It seems not possible.

You can have two default routes, but only one will always be used unless it is down. You can use OSPF's Equal Cost Multipath feature, but then again, it will always be based on IPs/packets, and not on the protocol, e.g. HTTP or SMTP.

The best you can do is place another router in front of the PIX with policy routing configured so that it sends out HTTP traffic from one gateway and SMTP traffic from the other.

Thanks

Nadeem

Nadeem, thank you for your answer.

We have a Cisco 1720 router in front of our firewall.

I will look into the manual for policy routing, or can you give me a clue where I can find it in the configuration?

With kind regards, Steven

Hi,

Here is a link that talks more about it

http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm

Thanks

Nadeem
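The policy routing suggested in the replies above could look like this on the Cisco 1720; this is an added example, not configuration posted by anyone in the thread. The addresses are documentation placeholders, and the interface name, ACL number and route-map name are assumptions.

```cisco
! Constructed example. Assumed addressing (placeholders, not from the thread):
!   192.0.2.0/24  shared outside subnet (PIX outside, 1720 Ethernet, DSL gateway)
!   192.0.2.254   new DSL gateway
!
! Classify outbound HTTP arriving from the PIX side.
access-list 110 remark HTTP leaves via the DSL gateway
access-list 110 permit tcp any any eq www
!
! Matching packets are handed to the DSL gateway instead of the routing table.
route-map SPLIT-HTTP permit 10
 match ip address 110
 set ip next-hop 192.0.2.254
!
! Anything that does not match (SMTP and all other traffic) is routed
! normally, i.e. out the leased line.
!
! Apply the policy on the interface where packets from the PIX arrive.
! FastEthernet0 is an assumption; use the LAN-facing interface of your router.
interface FastEthernet0
 ip policy route-map SPLIT-HTTP
!
! Verification from exec mode:
!   show ip policy      (lists interfaces with a policy route-map attached)
!   show route-map      (shows per-entry match counters)
```

Packets sent to the DSL gateway still carry the source address the PIX translated them to, so the DSL gateway has to translate them again or the replies will return over the leased line or be dropped. Keep the ACL as narrow as the requirement, since every packet it matches bypasses the normal routing table.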
