2 ISP Connections

Unanswered Question
Apr 28th, 2007

Hi,


I am after configuring 2 ISP connections on my perimeter router; the connection from ISP A is to be dedicated for regular users internet access and for some servers' inbound access. On the other hand, connection from ISP B is dedicated for VIP users internet access and for VIP servers' inbound access.


I have a PIX FW running ver 6.3 behind the router. Now, as you know, each ISP is giving a different public address range, so what is the best configuration to control the traffic in the way I need?


I have already tried to configure 2 connections between the router and the PIX, each having the public range from a different ISP, but since the PIX doesn't do source-based routing as the router does, I faced problems because the traffic is always routed to the default route, which in my case is ISP A!


I am thinking of configuring NATing for traffic intended for ISP B on the router itself on a loopback interface in the following manner:

- There is only one link between the router and the PIX, which has an ISP A public address

- A loopback on the router has ISP B public range.

- All the servers are on the same DMZ on the PIX

- Servers intended for ISP A will be NATed normally on the PIX itself

- Servers and traffic intended for ISP B will be NATed 1st on the PIX and then on the router's loopback interface.


Please give me your recommendations and advise whether there are other scenarios for achieving what I am after or whether there is a way to achieve this on the PIX.


Thanks,

Haitham

haithamnofal Mon, 04/30/2007 - 10:31

Hi,


I got what I want through the following; I just wanted to tell you how in case you needed to implement something similar in the future. Basically, do the following:


1- leave the connection between the PIX and the router to have the public range provided by ISP A


2- Place the server you want to have a public IP from the ISP B range on the PIX DMZ where you have your public servers


3- Do static NAT for the server which needs to be accessible on ISP B's IP to have a public IP from the ISP B range, while the rest of the servers will be NATted on the ISP A address range.


4- Configure a route on the perimeter router for the ISP B public range to be routable through the PIX outside interface (which is part of ISP A public range).


If you have any questions, please don't hesitate to contact me.


Regards,

Haitham
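
The four steps above as a configuration sketch, added here as an example and not taken from the poster's devices. It uses PIX 6.3 and IOS syntax; every address (documentation ranges), interface name, ACL name and route-map name is constructed. The policy route at the end is an assumption the post does not mention: it keeps replies sourced from the ISP B range leaving through ISP B, since ISP A may drop packets whose source is not in its own range.

```cisco
! Constructed addressing (assumptions, not from the post):
!   ISP A range      203.0.113.0/24   router inside .1, PIX outside .2
!   ISP B range      198.51.100.0/24  (routed to the PIX, no link of its own)
!   ISP B next hop   192.0.2.1
!   DMZ              192.168.10.0/24  server-a .10, server-b .20

! ---------- PIX 6.3 ----------
! Step 1: the outside link stays in the ISP A range
ip address outside 203.0.113.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! Steps 2-3: both servers sit on the same DMZ; only the static differs
static (dmz,outside) 203.0.113.10  192.168.10.10 netmask 255.255.255.255 0 0
static (dmz,outside) 198.51.100.20 192.168.10.20 netmask 255.255.255.255 0 0

! Permit only the published service on each translated address
! (tcp/443 is an assumed service)
access-list outside_in permit tcp any host 203.0.113.10  eq 443
access-list outside_in permit tcp any host 198.51.100.20 eq 443
access-group outside_in in interface outside

! ---------- Perimeter router (IOS) ----------
! Step 4: reach the ISP B range through the PIX outside address
ip route 198.51.100.0 255.255.255.0 203.0.113.2

! Assumption beyond the post: source-based routing so traffic sourced
! from the ISP B range exits toward ISP B instead of the ISP A default
access-list 101 permit ip 198.51.100.0 0.0.0.255 any
route-map FROM-ISP-B-RANGE permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
!
! Hypothetical name for the router interface facing the PIX
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip policy route-map FROM-ISP-B-RANGE
```

Because the router forwards the ISP B range to the PIX outside address by route, the PIX does not need an interface or proxy ARP in that range; the static translation alone is enough for it to accept and translate the traffic.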

