Pix 515 with 2 Internet Providers

Unanswered Question
Feb 3rd, 2007

I have a client that has installed a second Internet connections and terminated it to their PIX. On the original connection they want to continue to use if for all the established connections. On the new connections they want to be able to advertise a Citrix farm for external users and remote offices without having to share the bandwidth for other services. Any thoughts on how to advertise 2 sets of external IP address ranges from the PIX and then be able to NAT them to internal hosts?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinraja Sat, 02/03/2007 - 16:42

Hello Timothy,

will the citrix farm be accessed only by specific IP ranges of your office or through internet also ? If it will be accessed by your remote offices only , then you can do the following:

terminate the second link on the dmz interface.. i assume that the main link is on the ouside.. have the default route on the outside interface for internet access. you would have already dont a PAT for the inside users with the IP address of ISP 1 for this case.. You can then NAT the citrix IP onto the DMZ interface with ISP 2 IP address... You can add static routes for the remote offices throgh the second router on the DMZ...

If it is going to accessed by guys in internet also, then i dont think PIX supports multihoming !!! you have to use a router on the external interface to run BGP and get multihoming done !!!

Hope this helps.. all the best.. rate replies if found useful..



This Discussion