PIX configured with 2 ISP links

Unanswered Question
Oct 10th, 2007
User Badges:

Hi, I would like to know is it possible/advisable to have 2 ISP links on PIX515E interfaces so that if one goes down the other will be up for outside users to access the server services inside the PIX local LAN with out any service disturbance. Please advice and kind enough to send me the sample configurations. Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
timit Wed, 10/10/2007 - 22:30
User Badges:

This document says "this setup may not be suitable for inbound access to resources behind the security appliance." And my requirement is mainly for inbound continues access. So, Will this work for inbound access by configuring with the simple static and access-list commands for the corresponding ISP interfaces along with the above Backup interface configurations? Please advise.... Is anyone tried this before?

JORGE RODRIGUEZ Thu, 10/11/2007 - 12:17
User Badges:
  • Green, 3000 points or more

it will not work with inbound access with above example , personaly I have not faced this scenario but would definately like to lab this out, frankly I don't know if there is a simpler way to do this, if you want to have inbound access through ISP2 should ISP1 fail or vise versa this becomes a bit complicated as may question arises with DNS , and NATing two different public IP blocks into single inbound host but possible, you would have place a router in front of firewall and BGP multihomed with two ISP.

You may also post your initial question in WAN routing forum, where there are much more audience that may have done your requirements.


these links may also help


http://www.oreillynet.com/pub/a/network/2001/05/11/multihoming.html

http://www.spirit.com/Network/net0503.html

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml





Actions

This Discussion