Hi there - We are getting ready to migrate from one ISP to another and I am running into some issues getting it to work. Essentially, our network is currently laid out like this:
We had some extra gear which I set up for the new ISP and that is laid out like this:
ISP2->2620RTR2->PIXFW2->DMZ,SERV,CORE switches (these are the same switches)
The only differences are the IP addresses of the PIX firewalls, which are in the same subnets. I set up a test server on the new ISP and pointed it to PIX2 as its default gateway. It is able to get out to the internet and it can be accessed via its public IP, so that is working just fine. However, internal traffic is not working. I believe it is because the traffic flows like this:
workstation->CORESW->PIX1(inside)->PIX1(dmz)->DMZSW->server
and the return traffic goes like this:
server->DMZSW->PIX2(dmz)->then drops, because the PIX never saw the original SYN packet and drops the SYN-ACK.
I could also be completely wrong with my theories, so if I am, please let me know. If anybody has any suggestions to help me out I would be very appreciative. Also, on the migration note, does anybody have any good links to documentation regarding source-based routing? I believe that I need to set up something like that on our routers so that we do not get asynchronous routing when we begin to migrate our DNS over. I can already see that we will run into similar routing issues once we get moving on that, so any ideas regarding that would be appreciated as well.
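As an added example, not part of the original post: the "source-based routing" the poster asks about is what Cisco IOS calls policy-based routing (PBR), and the usual dual-ISP pattern is to classify return traffic by the public source block it carries and hand each block to the uplink that block belongs to, so a connection that arrived through one ISP leaves through the same ISP and the stateful firewall on that path sees both directions. The fragment below assumes a single 2620 that holds both uplinks (Serial0/0 to ISP1, Serial0/1 to ISP2) with FastEthernet0/0 facing the PIX outside interfaces; that is not the two-router layout in the post, and every address, interface name, ACL name and route-map name is a placeholder (RFC 5737 documentation ranges stand in for the real public blocks).

```cisco
! Assumed topology (placeholder, not the poster's): one router, two uplinks.
!   Serial0/0  203.0.113.2/30  -> ISP1 next hop 203.0.113.1, owns 192.0.2.0/24
!   Serial0/1  203.0.113.6/30  -> ISP2 next hop 203.0.113.5, owns 198.51.100.0/24
!   FastEthernet0/0 carries both public blocks toward the PIX outside interfaces.
!
! Default route stays on the old ISP until the DNS cut-over is finished.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Classify packets arriving from the firewalls by the public block they are sourced from.
ip access-list extended FROM-ISP1-BLOCK
 permit ip 192.0.2.0 0.0.0.255 any
ip access-list extended FROM-ISP2-BLOCK
 permit ip 198.51.100.0 0.0.0.255 any
!
! Source-based routing: each block leaves via the ISP that advertises it.
! Anything matching neither clause falls through to the normal routing table.
route-map SRC-ROUTE permit 10
 match ip address FROM-ISP1-BLOCK
 set ip next-hop 203.0.113.1
route-map SRC-ROUTE permit 20
 match ip address FROM-ISP2-BLOCK
 set ip next-hop 203.0.113.5
!
interface FastEthernet0/0
 description Toward PIX1/PIX2 outside interfaces
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ! PBR is applied on the interface packets ENTER, not the one they leave on.
 ip policy route-map SRC-ROUTE
!
interface Serial0/0
 description ISP1 uplink
 ip address 203.0.113.2 255.255.255.252
!
interface Serial0/1
 description ISP2 uplink
 ip address 203.0.113.6 255.255.255.252
!
! Verification after applying (run from enable mode):
!   show route-map SRC-ROUTE      -> per-clause packet/byte counters should increment
!   debug ip policy               -> shows "policy match" / "policy rejected" per packet
```

Two caveats a practitioner would check before relying on this. First, `ip policy` only affects transit packets entering that interface; traffic the router itself originates needs `ip local policy route-map` if it should follow the same split. Second, PBR on the border router does nothing for the inside-to-DMZ case described in the post, because that asymmetry is created by the DMZ server's default gateway being PIX2 while the workstation's path enters through PIX1; the PIX 6.x firewalls in this layout do not do policy routing, so the usual fix there is a static route on the DMZ server sending the internal subnets to PIX1's DMZ interface (or giving the server PIX1 as its gateway until the cut-over). Source-based routing at the router then only has to handle the public-side split once DNS moves to ISP2's addresses.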