2 ISP Connections

haithamnofal
Level 3

Hi,

I am after configuring 2 ISP connections on my perimeter router; the connection from ISP A is to be dedicated for regular users' internet access and for some servers' inbound access. On the other hand, the connection from ISP B is dedicated for VIP users' internet access and for VIP servers' inbound access.

I have a PIX FW running ver 6.3 behind the router. Now, as you know, each ISP is giving a different public address range, so what is the best configuration to control the traffic in the way I need?

I have already tried to configure 2 connections between the router and the PIX, each having the public range from a different ISP, but since the PIX doesn't do source-based routing as the router does, I faced problems because the traffic is always routed to the default route, which in my case is ISP A!!

I am thinking of configuring NATing for traffic intended for ISP B on the router itself on a loopback interface in the following manner:

- There is only one link between the router and the PIX, which has an ISP A public address.

- A loopback on the router has the ISP B public range.

- All the servers are on the same DMZ on the PIX.

- Servers intended for ISP A will be NATed normally on the PIX itself.

- Servers and traffic intended for ISP B will be NATed 1st on the PIX and then on the router's loopback interface.

Please give me your recommendations and advise whether there are other scenarios for achieving what I am after or whether there is a way to achieve this on the PIX.

Thanks,

Haitham

1 Reply

haithamnofal
Level 3

Hi,

I got what I want through the following; I just wanted to tell you how in case you needed to implement something similar in the future. Basically, do the following:

1- Leave the connection between the PIX and the router to have the public range provided by ISP A.

2- Place the server that you want to have a public IP from the ISP B range on the PIX DMZ where you have your public servers.

3- Do static NAT for the server which needs to be accessible on ISP B's IP to have a public IP from the ISP B range, while the rest of the servers will be NATted on the ISP A address range.

4- Configure a route on the perimeter router for the ISP B public range to be routable through the PIX outside interface (which is part of the ISP A public range).

If you have any questions, please don't hesitate to contact me.

Regards,

Haitham
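The four steps in the reply above, written out as a configuration sketch; this is an added example, not configuration posted in the thread. All addresses are constructed from documentation ranges, the interface names (`dmz`, `FastEthernet0/1`), ACL names and route-map name are hypothetical, and the policy route on the router is an assumption added here so that replies sourced from the ISP B range leave through ISP B.

```cisco
! Constructed addressing (documentation ranges, not from the thread):
!   ISP A public range  192.0.2.0/24    router 192.0.2.1, PIX outside 192.0.2.2
!   ISP B public range  198.51.100.0/24 (routed to the PIX, on no link)
!   ISP B WAN link      203.0.113.0/30  ISP B gateway 203.0.113.1
!   DMZ                 172.16.1.0/24   regular server .10, VIP server .20
!
: ---- PIX 6.3 (lines starting with ':' are comments) ----
: Step 1: the outside interface stays in the ISP A range
ip address outside 192.0.2.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
: Steps 2-3: both servers sit on the same DMZ; static NAT decides
: which ISP range each one is published on
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255 0 0
static (dmz,outside) 198.51.100.20 172.16.1.20 netmask 255.255.255.255 0 0
: Permit only the published service on each translated address
access-list acl_outside permit tcp any host 192.0.2.10 eq www
access-list acl_outside permit tcp any host 198.51.100.20 eq www
access-group acl_outside in interface outside
!
! ---- Perimeter router (IOS) ----
! Step 4: the ISP B range is reached through the PIX outside address
ip route 198.51.100.0 255.255.255.0 192.0.2.2
! Assumption: source-based (policy) routing for the return path, so
! packets sourced from the ISP B range are handed to ISP B, not ISP A
access-list 110 permit ip 198.51.100.0 0.0.0.255 any
route-map VIP-VIA-ISPB permit 10
 match ip address 110
 set ip next-hop 203.0.113.1
interface FastEthernet0/1
 description Link to PIX outside (hypothetical interface name)
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map VIP-VIA-ISPB
```

Because the ISP B range is routed to the PIX rather than configured on the shared segment, the router forwards it by the static route and the PIX only needs the `static` translation to answer for it.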
