10-14-2003 02:29 AM - edited 02-20-2020 11:02 PM
LS,
we just acquired an dsl line next to our leased line, the problem is that we would like to route our http traffic to the new dsl line and maintain smtp traffic to our leased line.
the pix was setup with a dmz and in the dmz an ISA server, the clients are authenticated by the isa before the can use the internet.
The question is:
How can we separate the http traffic and send it to the new gateway ( outside_pixIP, old_gatewayIP and new DSL_gatewayIP are already on the same subnet )
should i make use of service groups for separating http from smtp?
do i have to add a static route in the system properties ?
I am a newbie to pix firewall config so i would like to use the http interface.
Steven
10-14-2003 11:35 AM
How would you achieve this? it seems not possible.
You can have two default routes, but only one will be always used unless it is down. You can use OSPF's Equal Cost Multipath feature, but then again, it will always be based on IPs/packets, and not on the protocol, e.g. HTTP or SMTP.
The best you can do is place another router in front of the pix with policy routing configured so that it send out HTTP traffic from one gateway and SMTP traffic from the other.
Thanks
Nadeem
10-15-2003 01:04 AM
Nadeem, thank you for your answer.
We have a cisco 1720 router in front of our firewall
I will look into the manual for policy routing or can you give me a clue where I can find it in the configuration.
with kind regards Steven
10-15-2003 07:47 PM
Hi,
Here is a link that talks more about it
http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm
Thanks
Nadeem
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: