Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
4
Helpful
3
Replies

Firewall interfaces

Go to solution
attrib7575
Level 1
Level 1

‎03-21-2008 11:19 AM - edited ‎03-11-2019 05:20 AM

Say you have three interfaces on a firewall such as a PIX. Two of the interfaces are WAN links, (broadband internet access, different ISP's) and one is your LAN. The LAN interface address is what your LAN uses as its gateway. What determines which WAN interface internet traffic initiated form the inside goes to, assuming you permit the web traffic for both?

Would you have to choose which one by setting up NAT, Routes, etc, or could you enable LAN users to access both, thereby having a failover option in case one WAN link goes down?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sundar.palaniappan
Level 10
Level 10

‎03-21-2008 12:40 PM

You would setup one as primary ISP link and the second one as a backup. You cannot load balance traffic out both interfaces. Point the default route out via the primary link and another default route with a higher admin distance via the second link. Set NAT rules and may want to configure IP SLA to track the availability of the next hop via the primary link.

HTH

Sundar

View solution in original post

3 Replies 3

Go to solution
sundar.palaniappan
Level 10
Level 10

‎03-21-2008 12:40 PM

You would setup one as primary ISP link and the second one as a backup. You cannot load balance traffic out both interfaces. Point the default route out via the primary link and another default route with a higher admin distance via the second link. Set NAT rules and may want to configure IP SLA to track the availability of the next hop via the primary link.

HTH

Sundar

Go to solution
attrib7575
Level 1
Level 1
In response to sundar.palaniappan

‎03-24-2008 07:01 AM

Very good thanks!! I'll start figuring that out.

0 Helpful

Go to solution
attrib7575
Level 1
Level 1
In response to attrib7575

‎03-24-2008 08:26 AM

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

This is it here. Unfortunately I dont think think my 6.2 ver PIX supports it. UGH.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card