PIX with a second ISP

Nov 2nd, 2007

I have a PIX with two ISP connections, each one arriving on a different PIX interface. ISP1 is the default route for the PIX. If I receive a connection to an internal server through ISP2 (the non-default route), does the PIX answer this client through the same connection (ISP2) or through the default route (ISP1)?

I'm trying to reach an internal web server through ISP2 and I can't. If I put a static route in the PIX to the ISP2 client's IP through the ISP2 router, I can. But I can't set advanced routes in the PIX (based on source IP address), so how can I solve this problem? I want to use one ISP for navigation and the other one for my servers (web, e-mail, ...).


tstanik Wed, 11/07/2007 - 12:44

This will depend on where the connection originates and where it ends. If the connection is originated by the PIX or by some internal client, it will go through the default route (ISP1), but the return traffic may come from either of the ISPs. If the incoming traffic is coming from any ISP, it will always leave through the default route (ISP1), but this will depend on the traffic type.

The only way I've gotten something like this to work was to use one ISP for default route communications (i.e. Internet access), and the second ISP for statically routed connections (i.e. VPN site-to-site tunnels).

Alternatively you can use a Cisco IOS router and connect both ISPs into it upstream from the PIX and then use policy routing on the Cisco router to route traffic in/out each ISP based upon the source IP address. Then you control which ISP is used based upon what IP scheme you NAT into on the PIX. I've done this before and it works fine.
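
The upstream-router approach from the reply above, sketched as an added example that is not part of the original posts: the PIX translates servers into the ISP2 block, and the IOS router policy-routes on that source block. Every address, interface name, ACL number and the route-map name is a constructed placeholder (documentation ranges).

```cisco
! Constructed example: all addresses, interfaces and names are placeholders.
! PIX outside 192.0.2.2 <-> router inside 192.0.2.1
! ISP1 gateway 198.51.100.1, ISP1 block 198.51.100.16/28 (PIX PAT for browsing)
! ISP2 gateway 203.0.113.1, ISP2 block 203.0.113.16/28 (PIX statics for servers)
!
interface FastEthernet0/0
 description To PIX outside
 ip address 192.0.2.1 255.255.255.252
 ! Apply policy routing to packets arriving from the PIX
 ip policy route-map ISP-BY-SOURCE
!
interface FastEthernet0/1
 description To ISP1
 ip address 198.51.100.2 255.255.255.252
!
interface FastEthernet1/0
 description To ISP2
 ip address 203.0.113.2 255.255.255.252
!
! Default route: anything not policy-routed leaves via ISP1
ip route 0.0.0.0 0.0.0.0 198.51.100.1
! Inbound traffic for either NAT block is handed to the PIX
ip route 198.51.100.16 255.255.255.240 192.0.2.2
ip route 203.0.113.16 255.255.255.240 192.0.2.2
!
! Packets the PIX has translated into the ISP2 block (server replies)
access-list 102 permit ip 203.0.113.16 0.0.0.15 any
!
route-map ISP-BY-SOURCE permit 10
 match ip address 102
 set ip next-hop 203.0.113.1
! No further clause: packets that match nothing are routed normally,
! so browsing traffic sourced from the ISP1 block follows the default route.
```

With this layout the PIX keeps a single default route toward 192.0.2.1, and the choice of ISP follows from which block a host is translated into, so replies to connections that arrived through ISP2 leave through ISP2 with a source address that ISP will accept.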

