I need to configure an additional Internet link to my pix firewall. I have only one existing internet link that i already working for all functions in the organization.
The second internet connection will be used only by a group of users to a particular website.
The same ISP is providing both internet links and the same DNS servers will be used for both internet links.
There is a default route for he first internet link with the next hop being the interface of the router for the first link.I have created a static route for the second link with specific source and destination with the next hop being the router to the second link.
NAT is fine, from my client PC i can ping to the second link when the first outside interface is shut. But is can't browse the website. It looks like all traffic follows the first link.
There is a switch in between the PIX and both routers, but with diff
you can connect the router to the two lines, and put the firewall behind the router, by this you will get load balance and secure your network.
As I know, the ASA cannot load share between two links, you can configure the second line as a backup line, that will work only when the first line goes off, see the linl below :
if you want to use both lines at the same time, you need to use a router, the router can load balance between two lines.