Can I use 2 static routes to nat 2 internet t1's coming into our building? I was thinking of putting the nat inside command on the ethernet and the nat outside command on the wan interfaces and creating 2 nat pools for each of the address blocks...does this seem feasible.
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.
You can't put two static routes for the "gateway of last resort" on the PIX. So if your Internet T1's are connected to two different routers, you will have to route all outbound traffic from the PIX to one router or the other.
Better to use one router with both T1's connected to it.
If you must use two routers, you'll have to put a route on the one the PIX is pointed at, for the other router as a gateway of last resort. So this router will have two routes to 0.0.0.0 0.0.0.0. One to via the T1 and the other to the second router.
Don't NAT on the PIX or be aware that the internal network is getting double-NAT'd; once by the PIX and then again by the internet router(s).
This will work if you are trying to create additional bandwidth and/or fault tollerance for your outbound Internet connections.
The only problem is inbound connections.
If you are hosting email, web servers, etc. They will only be accessible on one T1 or the other (presuming that you have different IP blocks for each which is why you are NATing on each WAN interface and not on the PIX).
To make your inbound connections work:
1. Get both T1's from one ISP and have them load balance a single IP subnet to you over both T1s.
2. Get your ISP's to work together with regard to routing a single IP subnet to you (i.e. they handle BGP for you).
3. Get at least a 3600 series router with 128MB DRAM and run BGP. Contact your ISP first and request an AS number for BGP.
I hope this helps.