2 ISPs and a PIX 515

rshullaw · ‎09-07-2006

We've recently added a new Internet connection from a different provider (T1) to our network. Eventually, we're planning to move our Internet usage completely to the new connection, but in the mean time, I'd like to leave the statics the way they are on the existing connection but utilize the new T1 for our users browsing the Internet. As the PIX doesn't allow for two "outside" interfaces or any sort of policy-based routing I have the new Internet connection terminated at the 2610 router we had been using for the initial Internet T1. My hope was that I could use route mapping to grab the traffic coming from the PIX with the dynamically NATted IP address for Internet bound traffic, NAT it again with an IP address suitable for the new Internet connection, and send it out the new interface.

First of all, does this sound OK? Early attempts seem to fail, but I'm not completely sure of the appropriate config to make this happen. With the dynamic NAT on the PIX, will NATting that single IP address on the router again work? What routing issues do I need to address? Should I be looking at doing this in some other way?

Any thoughts at all would be appreciated!

Thanks!

jackyoung · ‎09-07-2006

If you deploy a router between the WAN link and the FW. And the FW carry tha NAT, I believe it can't work in this case. It was because the FW cannot carry the NAT to two providers.

So I suggest to enable the NAT at the 2610 instead of the FW. Then the inside traffic is belonging to the internal network address then the 2610 respond to translate it to corresponding outside (ISP) address.

You are correct that only if there are two outside interfaces from PIX. Otherwise, it can't work. Please advise if I misunderstood the case.

Hope this helps.