2 NAT problem

alexr · ‎05-09-2005

Hello all, i have one problem in which i need help

We got 2 ISP for traffic separating. I am using PIX 515E with version 6.3(1).

Before i ran on 1 ISP and everything was ok. I had 3 interfaces (inside, outside, dmz). Because PIX not supporting logical interfaces and i didnot want to go in really complicated in troubleshooting logical VLANs biulding, we purchased 4 port 10/100 FE card. On this card 1 interface i defined as outside1 with security1 and ISP2 public IP. This interface sitting in same VLAN with border router interface with ISP2 public IP.

There is route outside1 0 0 router_IP metric 2

I am trying to define static NAT translation for my local IP to ISP2 Public IP. After issueing clear xlate i am see that i still located in PAT for ISP1 public IP.

I have several questions:

1. Is this statement for route outside1 0 0 router_IP_ISP2 metric 2 is correct for PIX?

2. Should i reconfigure exisitng NAT (inside) for 2nd new global (outside1) via separating IP local subnets?

3. When i permitted isakmp and crypto ipsec on outside1 interface i succeded to have remote VPN connections. Can this work together?

Any help will be high appreciated.

Thanks, Alex

arumugasamy · ‎05-09-2005

Alex,

I hope pix 6.3 sipport only single default route so that we can not use load sharing on pix fw.

Pix software 7.x support 3 default routes.

If any thing wrong pl update me

swamy

alexr · ‎05-09-2005

Hi arumigasamy,

Thanks for your reply. May be it will be possible to separate the trafic via 2 globals?

Because for example i succedidng to connect to border router via VLAN?

Thanks