10-17-2012 01:11 AM - edited 03-11-2019 05:10 PM
Hi all,
We are in the process of adding a second ISP for web hosting purposes. Is there any issue if we make two outside interfaces on the PIX? I need to host some websites through this new link, i.e. ISP2. I have seen a lot of suggestions in the forums. I need to confirm and ask some valuable doubts on the suggestions.
PIX Version 7.0(7)
10-17-2012 04:48 AM
No, neither PIX nor ASA supports multiple default routes via more than 1 interface unfortunately. You would need to terminate the second ISP on a router.
10-17-2012 05:25 AM
Hi Jeniffer,
Thanks for the reply.
I am not planning multiple default routes to isp1 and isp2.
Plan
Default route to isp1 and specific route to isp2. Will it work?
10-17-2012 06:08 AM
Yes, if default route to isp1, and specific route to isp2, that will work.
But how are you going to host websites on isp2 if you don't have a default route to isp2? Isn't the web request coming from any IP address on the internet? Or will it be coming from a specific IP on the internet?
10-18-2012 04:03 AM
Hi,
Thank you for the reply.
The web request is coming from any IP to the web server connected to isp2.
10-18-2012 04:05 AM
In that case, you can't configure static routes for isp2 because it's coming from any IP on the internet. You would need a default route, but as advised earlier, default routes are not supported on multiple interfaces on PIX.
10-18-2012 04:49 AM
Hi halim,
Thank you for the reply. Now I understand. Do you have any solution for connecting the second ISP to the network for web hosting?
10-18-2012 05:20 AM
Do you happen to have a router in front of the ASA? Maybe you can connect the second ISP there if you do.
10-21-2012 10:19 PM
Hi halim,
I have connected the second ISP to the internet router, and I applied policy-based routing on the interface connected to the firewall for outgoing traffic. Everything is working fine.
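A sketch of the router-side policy-based routing described above, as an added example that is not the poster's actual configuration. Every address (RFC 5737 documentation ranges), interface name, ACL number and route-map name is an assumption, as is the premise that the hosted web servers are translated to ISP2's address block.

```cisco
! Added example: constructed addresses, assumed interface names.
!   198.51.100.0/28  public block assigned by ISP2 (hosted web servers)
!   203.0.113.1      ISP2 next-hop gateway
!   192.0.2.1        ISP1 next-hop gateway
!
! The single default route stays on ISP1.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Match only traffic sourced from the ISP2 block, i.e. the web servers'
! replies. Left on the default route, these packets would leave via ISP1
! carrying ISP2 source addresses, which upstream anti-spoofing filters
! commonly drop.
access-list 110 remark Sourced from ISP2 block (web server replies)
access-list 110 permit ip 198.51.100.0 0.0.0.15 any
!
route-map WEB-VIA-ISP2 permit 10
 match ip address 110
 set ip next-hop 203.0.113.1
!
! Apply on the interface that faces the firewall, so the policy is
! evaluated on traffic arriving from the PIX. Packets that do not match
! ACL 110 are routed normally and follow the default route to ISP1.
interface FastEthernet0/1
 description Link to PIX outside
 ip policy route-map WEB-VIA-ISP2
!
! Verification (exec mode):
!   show ip policy
!   show route-map WEB-VIA-ISP2
```

The match counters in `show route-map` confirm whether the web servers' return traffic is actually hitting the policy.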
10-21-2012 10:29 PM
Thanks for the update, much appreciated.
10-21-2012 10:32 PM
Hi halim,
We are now using a PIX 525 and we are going to replace it. What about the model
10-21-2012 11:07 PM
Here is the direct replacement for PIX525:
ie: ASA5520.
However, yes, you can definitely go ASA5550, or even the new model of ASA X series which has better specification.
Here is the model comparison for your information:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b
10-21-2012 11:20 PM
Hi halim,
Now my outside interface is 100 Mbps internet, and yesterday I got a new link of 1 Gbps; also, there are 6 zones in my network. Is there any command for seeing the concurrent connections on the PIX? Now I am using an IDS 4215, which is also an old one. I have seen that some new firewalls have IPS features as well. A firewall with IPS or an IPS box alone is good for the web hosting data centres
10-21-2012 11:34 PM
"show conn" output, and on the first line, it will show you the current connections, as well as the maximum connection.
If you would like an IPS module, you can't use ASA5550, the highest model of ASA that supports the IPS module is ASA5540 on the ASA 5500 series, or alternatively if you are going for the new ASA 5500-X series, no additional module is required as it is built in to the ASA.
Here is the datasheet for your information:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701808.html
Here is the datasheet for AIP module if you are interested in the 5500 series ASA:
Here is the datasheet for the IPS in the 5500-X series:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78_459036.pdf
Hope that helps.
10-22-2012 12:24 AM
Thank you for the quick response.
I have executed the command.
It is showing:
28250 in use, 29752 most used
UDP out 10.1.14.250:123 in 10.15.254.1:123 idle 0:00:37 flags -
Hope I had a lot of connections in the network.
What are the factors that I should look at for an upgrade from the current PIX 525? How can I make a study?