Cisco 515e PIX Firewall: Route only port 80 and 443 traffic

Unanswered Question

I have a PIX 515e firewall with 3 interfaces (Inside, ISP_1, ISP_2). I currently have everything routed to ISP_1 but I would like to route all Web Browsing traffic (port 80 and 443) to ISP_2 and all other traffic continue out ISP_1.

I have setup an ACL specifying all traffic going to on port 80 and 443 to use ISP_2. But for some reason when I do that, that ACL rule reverts back to ISP_1. I am using the PIX PDM GUI.

Also, I do not have a static route defined for the ISP_2 interface, only an ACL. I am not sure how to define that route since I already have one ISP_1. Would it be somehthing like this?

<local network> <Local subnet> route to <ISP_1>

<local network> <Local subnet> route to <ISP_2>

I am not sure how the above would work. I still want all non port 80 and 443 traffic to go out through ISP_1.

Your help is appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Fri, 10/24/2008 - 08:29
User Badges:
  • Purple, 4500 points or more

I'm afraid you can't do that with a PIX. You could do it with a router and a route map.

dmooreami Fri, 10/24/2008 - 10:41
User Badges:

Correct you need two firewalls.

Yes, you can route-map with a L3 cisco switch.

you would use the route map with an extended access-list to push the traffic to the specific firewall. Google "cisco route-map" for examples

Collin Clark Fri, 10/24/2008 - 10:42
User Badges:
  • Purple, 4500 points or more

If you want to differentiate traffic flows then yes. You could use one router and connect to both ISPs and do the route map (as well as firewall services). I believe that route map support on L3 switches depends on the platform and Enhance Image IOS.


This Discussion