02-20-2003 12:40 PM - edited 03-09-2019 02:11 AM
I have two ISPs (ISP-router-A and ISP-router-B) and a pix between them and the DMZ.
I want to use two proxy servers (proxy-A and proxy-B) in the DMZ to bring http access to the users in the LAN (there is another pix between de DMZ and the LAN).
Then, I want to use ISP-router-A to route traffic from proxy-A and ISP-router-B to route traffic from proxy-B.
How can I configure the pix to make possible to discriminate the traffic of the proxy servers, to send it to the appropiate ISP-router?
02-25-2003 10:40 AM
You can add a new DMZ to your PIX and route traffic from each proxy to the matching ISP.
02-25-2003 11:42 AM
You must understand PIX isn't a router, not yet. Then, all your outgoing trafic will pass through only 1 ISP, the one pointed by default in your config except if you use HSRP or VRRP between both routers.
To discriminate incoming trafic from any ISP, you should use an IP address specific to each ISP as static translation to a specific Proxy, i.e.
- One ISP A's IP address is statically NATed to Proxy A
- One ISP B's IP address is statically Nated to Proxy B
You have nothing to do to have this behavior, this will be automatic depending of the config apply for outbound trafic as explained in the following description.
You must discrimate outgoing trafic from Proxy A&B to be Nated with the good IP address. For Proxy A: you need a specific Global & NAT command. Same thing for Proxy B.
Regards
Benoit
Quebec
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide