Configuring 2 ISP Connections on the same Router

Apr 28th, 2007


I am after configuring 2 ISP connections on my perimeter router; the connection from ISP A is to be dedicated for regular users internet access and for some servers' inbound access. On the other hand, connection from ISP B is dedicated for VIP users internet access and for VIP servers' inbound access.

I have a PIX FW running ver 6.3 behind the router. Now, as you know, each ISP is giving a different public address range, so what is the best configuration to control the traffic in the way I need?

I have already tried to configure 2 connections between the router and the PIX, each having the public range from a different ISP, but since the PIX doesn't do source-based routing as the router does, I faced problems because the traffic is always routed to the default route, which in my case is ISP A!!

I am thinking of configuring NATing for traffic intended for ISP B on the router itself on a loopback interface in the following manner:

- There is only one link between the router and the PIX, which has an ISP A public address

- A loopback on the router has ISP B public range.

- All the servers are on the same DMZ on the PIX

- Servers intended on ISP A will be NATed normally on the PIX itself

- Servers and traffic intended for ISP B will be NATed 1st on the PIX and then on the router's loopback interface.

Please give me your recommendations and advise whether there are other scenarios for achieving what I am after or whether there is a way to achieve this on the PIX.



Anand S Sat, 04/28/2007 - 20:05


You can either configure Policy Based Routing on the Internet router or use a Radware device as an Internet traffic load balancer.

Go through the attachment.

Hope this helps.

Rate this post if satisfied.

haithamnofal Sat, 04/28/2007 - 20:30


PIX does not support PBR, and the public IP ranges from both ISPs are on 2 different PIX outside interfaces (i.e. I have 2 outside connections between the router and the PIX, each for a different ISP), but with this configuration the PIX keeps routing traffic to the default route, completely ignoring the other in case of outbound traffic.

I am thinking of configuring a loopback interface having the IP address of ISP B while ISP A is configured on a physical interface on my router, since it can support PBR. I will implement this in the way I explained in my previous post; can you please confirm whether that configuration will help?



haithamnofal Mon, 04/30/2007 - 10:30


I got what I want through the following; I just wanted to tell you how in case you needed to implement something similar in the future. Basically, do the following:

1- Leave the connection between the PIX and the router to have the public range provided by ISP A

2- Place the server that you want to have a public IP from the ISP B range on the PIX DMZ where you have your public servers

3- Do static NAT for the server which needs to be accessible on ISP B's IP to have a public IP from the ISP B range, while the rest of the servers will be NATted on the ISP A address range.

4- Configure a route on the perimeter router for the ISP B public range to be routable through the PIX outside interface (which is part of the ISP A public range).

If you have any questions, please don't hesitate to contact me.
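
The four steps in the post above written out as PIX 6.3 and IOS configuration, added here as an example and not the poster's actual configuration. All addresses (RFC 5737 documentation ranges), interface names, ACL and route-map names are assumptions; the policy-routing stanza is also an assumption that is not in the last post (PBR on the router is suggested earlier in the thread).

```cisco
! ===== PIX 6.3 (all values constructed for illustration) =====
! Assumed: ISP A range 192.0.2.0/28 on the PIX-router link
!          (router 192.0.2.1, PIX outside 192.0.2.2)
! Assumed: ISP B range 198.51.100.0/28, DMZ servers in 10.10.10.0/24
! Step 1: single outside link in ISP A space, default route to the router
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

! Step 3: regular server gets an ISP A address, VIP server an ISP B address
static (dmz,outside) 192.0.2.5 10.10.10.10 netmask 255.255.255.255 0 0
static (dmz,outside) 198.51.100.5 10.10.10.20 netmask 255.255.255.255 0 0

! Publish only the service each server offers (HTTP assumed here).
! In PIX 6.3 the outside ACL matches the translated (public) address.
access-list outside_in permit tcp any host 192.0.2.5 eq www
access-list outside_in permit tcp any host 198.51.100.5 eq www
access-group outside_in in interface outside

! ===== Perimeter router, IOS (all values constructed) =====
! Step 4: the ISP B range is reached through the PIX outside address,
! which itself sits in ISP A space
ip route 198.51.100.0 255.255.255.240 192.0.2.2
!
! Assumption, not in the last post: replies sourced from the ISP B range
! are policy-routed to the ISP B next hop (203.0.113.1 assumed), since
! an upstream may drop packets whose source address it did not assign
access-list 110 permit ip 198.51.100.0 0.0.0.15 any
!
route-map VIP-TO-ISP-B permit 10
 match ip address 110
 set ip next-hop 203.0.113.1
!
interface FastEthernet0/1
 description Link to PIX outside (ISP A range)
 ip address 192.0.2.1 255.255.255.240
 ip policy route-map VIP-TO-ISP-B
```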



