
PIX "routing"

rsommer
Level 1

We now have multiple outside interfaces - different ISPs. The plan is to have one interface handle all web traffic (we will call that outside1) and the other the VPNs (outside2).

To handle this, I figured I'd set the default route to use the ISP on outside1. All VPN destinations would have their routes defined to use outside2.

Inbound connections to the SSL VPN concentrator, however, are coming in on outside2.

Will there be an issue with that because the default route points to outside1? Or does the PIX know that since an inbound connection came in on outside2, it should use outside2 no matter what the default route says?

Any other thoughts on this would be great also.

Thanks,

Rick

3 Replies

sbianchi
Level 1

I have done something like that.

On the firewall I don't do anything different other than use 2 different IP addresses (not interfaces); then I work using policy routing (route map) on the Internet access routers: the default gateway recognizes the kind of traffic (by source) and applies a policy route.

I mean that all outgoing traffic has src IP A and the VPN traffic has src (or dest) IP B; the router looks at the src: if the IP is A, then it policy-routes (and then NATs) the traffic to ISP A; if it is coming from IP B, it doesn't NAT (otherwise the VPN doesn't work) and forwards to ISP B.

A lot of things must be tuned, but in this way I use 2 different ISPs, as with 6.3 the PIX doesn't support multi-homed Internet access.

hope that can help

bye
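Here is a worked configuration of the router-side design sketched in the reply above: policy routing by source address on the router in front of the PIX, with NAT applied only to the general-Internet source and the VPN source forwarded un-NATed to the second ISP. This is an added example written for this thread, not configuration posted by either participant; the interface names, the two PIX-side addresses (192.0.2.10 as "A", 192.0.2.20 as "B") and the ISP next-hops are constructed assumptions using RFC 5737 documentation ranges.

```cisco
! Constructed example (not from the thread). Assumed topology:
!   PIX outside interface presents two public addresses on 192.0.2.0/24:
!     192.0.2.10 = "A", PIX NAT global for ordinary outbound traffic
!     192.0.2.20 = "B", PIX interface address used as the VPN endpoint
!   Router Fa0/0 faces the PIX, Fa0/1 faces ISP A, Fa1/0 faces ISP B.
interface FastEthernet0/0
 description Inside, toward the PIX outside interface
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
 ip policy route-map SPLIT-ISP
!
interface FastEthernet0/1
 description ISP A (general Internet, NATed)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet1/0
 description ISP B (VPN traffic, not NATed)
 ip address 203.0.113.2 255.255.255.252
!
! Classify by source address: A = web/general traffic, B = VPN endpoint.
ip access-list extended WEB-SRC
 permit ip host 192.0.2.10 any
ip access-list extended VPN-SRC
 permit ip host 192.0.2.20 any
!
! Policy routing: source A goes to ISP A, source B goes to ISP B.
! Anything that matches neither clause falls through to the routing table.
route-map SPLIT-ISP permit 10
 match ip address WEB-SRC
 set ip next-hop 198.51.100.1
route-map SPLIT-ISP permit 20
 match ip address VPN-SRC
 set ip next-hop 203.0.113.1
!
! NAT only source A, and only when it leaves via ISP A. Source B is left
! untouched so the remote peer still sees address B; translating the VPN
! endpoint would break the tunnels, as the reply notes.
route-map NAT-A permit 10
 match ip address WEB-SRC
 match interface FastEthernet0/1
ip nat inside source route-map NAT-A interface FastEthernet0/1 overload
!
! Default route for everything not policy-routed (and for the router itself).
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

Two things worth checking after applying something like this: `show route-map SPLIT-ISP` should show the policy-routed packet counters climbing for both clauses, and `show ip nat translations` should contain entries only for 192.0.2.10, never for 192.0.2.20. Return traffic from ISP B to address B simply follows the connected route on Fa0/0, so no reverse policy route is needed on the router.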

Thanks for the reply.

I realize that to do what I'd like to do, I'll need a router on the outside. I was hoping I could do a 'bit' more with the PIX itself, since there is so much configured with a single ISP connection terminated directly on that outside interface. To add a router would drastically change the config. Guess I'm going to have to gear up for it sometime soon.

Thanks,

Rick

Rick,

Looking further at the example, I also found a way for the fixed-IP VPN endpoints, as you can put static routes through ISP B, but that is just for the fixed VPNs, not for mobile (unknown source IP) users.

bye
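The per-peer static route approach from the reply above, written out for the two-outside-interface PIX of the original question. This is an added example, not configuration from the thread; it assumes the interfaces are already named outside1 and outside2 as in the original post, and the peer and gateway addresses are constructed placeholders from the RFC 5737 documentation ranges.

```cisco
! Constructed example (not from the thread). PIX 6.3 syntax; assumes the
! interfaces outside1 (ISP A) and outside2 (ISP B) already exist and are
! addressed. All addresses below are illustrative.
!
! Default route: everything without a more specific route leaves via ISP A.
route outside1 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! One /32 host route per fixed site-to-site peer. The longest-match rule
! wins over the default, so IKE, ESP and the encrypted return traffic for
! these peers all leave via ISP B regardless of the default route.
route outside2 192.0.2.50 255.255.255.255 203.0.113.1 1
route outside2 192.0.2.60 255.255.255.255 203.0.113.1 1
!
! Terminate the tunnels on outside2 so the peers address ISP B's side.
isakmp enable outside2
crypto map VPNMAP interface outside2
```

The limitation the reply points out is visible here: a host route needs a known peer address, so this covers fixed peers only. Remote-access users arriving from arbitrary source addresses have no matching `route outside2` entry, and their return traffic still follows the default route to outside1. `show route` on the PIX lists both the default and the host routes, which is the quickest way to confirm which interface a given peer's return traffic will use.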
