Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
1
Replies

Adding 2nd ISP router

kdagostino
Level 1
Level 1

‎09-27-2002 07:03 AM - edited ‎03-09-2019 12:29 AM

I am new to PIX - Can a PIX 515 support more than 1 ISP router connected to it? If so, how could I allow 5 local hosts to only connect to the new ISP and the rest of my LAN connect only to the existing ISP? Thx for any help.

Labels:
0 Helpful
1 Reply 1

ggersch
Level 1
Level 1

‎09-27-2002 02:36 PM

First, you will need to create separate global and nat statements for each inside group. Use 'nat 1 ..' to map one inside group to a 'global 1' outside address range for one ISP. Use 'nat 2' and 'global 2' to map the other users to the second ISP range. You have to be able to separate the hosts by subnet to do this.

Next, one of your outside routers will need to be able to do source address routing. With Cisco routers, this is done with route-maps and policy based routing. Configure it to send packets with a source address from one global pool to its ISP and from the other global pool the matching ISP.

This can be a major pain. If your ISP provides the routers, or they're small soho routers, it may not be possible at all. I found it easier to do the policy routing in my core router and send the traffic out two different firewalls. A little 501 or 506 can easily handle 5 users, are fairly cheap.

Greg

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents