second Internet connection

w_basheer · ‎05-29-2007

Hello;

I have Internet connection to ISP terminated to FW 525 with multiple zones.

everything working fine.

new demand required separate internet connection dedicated to outside users who will access new servers in new DMZ.

means new Internet connection with new zone.

can anybody advice how's this doable ?

in the FW i can;t do a route map, i have a default router to the current ISP.

I will do the following:

FW:

---

1) Create new Servers DMZ

2) Create new outside zone (outside2) with security level 1

3) connect the internal leg of the second internet router to outside2.

4) Static (server_dmz , internal_leg_IP)

Internet router:

----------------

Do Natting :

Nat the internal_leg_IP to Real IP.

Traffic flow:

outside user--> Real IP --> internal_leg_IP --> server_dmz.

My question : since the default router of the router is the first ISP; does this will cause a problem.

anandramapathy · ‎05-31-2007

Yes this will.

Try this

terminate both links on the internet route 1 & do a route map on the interface connectecd to the Firewall

foxbatreco · ‎05-31-2007

hii...use PBR in this scenario..wht can be done is if u have another internet link comin in hv a normal s/w in before ur f/w..

which will terminate both links in different interfaces of the f/w.

then use PBR to match the traffic for each source..dmz and et al..and force it to use different next hops as per the traffic.

pls rate if this helps.