Re: Problem from 2 internet connections from PIX.

cnatima · ‎08-18-2004

I have 1 pair of PIX failover and 2 internet connections (2 routers). Normally I use 1 connection to connect corporate network by VPN and another for Internet access.Firstly, I use static NAT (200.x.x.222) for my mail server which has provide both POP3/SMTP and Webmail service to the first connection.For routing table, I set some static route to the first connection and default route to the second connection. The problem is we couldn't access the our webmail IP 200.x.x.222. I thought that mail server couldn't found the routing it has to go. Because it has the static NAT for the first connection but the routing force it to pass the packet to the second connection. So I think that if we can do source-routing, maybe it can solve the problem but I can't found this feature from PIX firewall. Could you please help me solve this.

Remark: We can't do the static NAT for the second interface because this connection just only temporary Internet access way.

Please help us to solve this problem.

Thanks in advance,

Natima

nkhawaja · ‎08-21-2004

hi,

are both your internet connections connected to only one interface of PIX, that is outside?

thanks

Nadeem

cnatima · ‎08-24-2004

Nadeem,

Thanks for your help.As your question, I have 2 interfaces of PIX, outside and outside2 interface, to connect 2 internet connections.

Natima

nkhawaja · ‎08-24-2004

Hi,

You need to trace the packets. It seems like they are coming from other interface where you dont have that static defined.

Why dont you define the same static on both the interfaces.

e.g. static (dmz1,outside1) x.x.x.x y.y.y.y

static (dmz1,outside2) x.x.x.x y.y.y.y

thanks

Nadeem