Hi Jeniffer ,

   Thanks for the reply .

I am not planning multiple default route to isp1 and isp2 .

Plan

Default route to isp1 and specific route to isp2 .will it work ?

Hi ,

Thank you for the reply .

web request is coming from any ip to the webserver connected to the isp2.

In that case, you can't configure static routes for isp2 because it's coming from any IP on the internet. You would need default route, but as advised earlier, default routes is not supported on multiple interfaces on PIX.

Hi halim,

Thank you for the reply.Now i understood .You have any solution for connecting second isp to the network for webhosting .

Hi halim,

  I have connected the second isp to the internet router .And i applied Policy based routing in the interface connected  to firewall for outgoing traffic .Everything is working fine .

Thanks for the update, much appreciated.

Hi halim ,

  We are now using pix 525 and we are going to replace it .What about the model

ASA5550-BUN-K9  ?

Here is the direct replacement for PIX525:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_cisco_pix_525_sec_app.html

ie: ASA5520.

However, yes, you can definitely go ASA5550, or even the new model of ASA X series which has better specification.

Here is the model comparison for your information:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b

Hi halim ,

Now my ouside interface is 100 mbps internet and last day i got a new link of  1 gbps and also in my network there are 6 zones .Is there any command for seeing the concurrent connections in the pix .Now i am using ids 4215 which is also a old one .I had seen Some new firewall is having ips features also .A firewall with ips or ips box alone is good for the webhosting data centres

"show conn" output, and on the first line, it will show you the current connections, as well as the maximum connection.

If you would like an IPS module, you can't use ASA5550, the highest model of ASA that supports the IPS module is ASA5540 on the ASA 5500 series, or alternatively if you are going for the new ASA 5500-X series, no additional module is required as it is built in to the ASA.

Here is the datasheet for your information:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701808.html

Here is the datasheet for AIP module if you are interested in the 5500 series ASA:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916.html

Here is the datasheet for the IPS in the 5500-X series:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78_459036.pdf

Hope that helps.

Thank you for the quick response.

I had exexuted the command

it showing

28250 in use, 29752 most used

UDP out 10.1.14.250:123 in 10.15.254.1:123 idle 0:00:37 flags -

Hope i had lot of connections in the network .

what are the factors that i look for a upgradtion from current pix 525 .How can i make a study .