10-24-2008 08:13 AM - edited 03-11-2019 07:02 AM
I have a PIX 515e firewall with 3 interfaces (Inside, ISP_1, ISP_2). I currently have everything routed to ISP_1 but I would like to route all Web Browsing traffic (port 80 and 443) to ISP_2 and all other traffic continue out ISP_1.
I have setup an ACL specifying all traffic going to 0.0.0.0 on port 80 and 443 to use ISP_2. But for some reason when I do that, that ACL rule reverts back to ISP_1. I am using the PIX PDM GUI.
Also, I do not have a static route defined for the ISP_2 interface, only an ACL. I am not sure how to define that route since I already have one for ISP_1. Would it be something like this?
<local network> <Local subnet> route to <ISP_1>
<local network> <Local subnet> route to <ISP_2>
I am not sure how the above would work. I still want all non port 80 and 443 traffic to go out through ISP_1.
Your help is appreciated.
10-24-2008 08:29 AM
I'm afraid you can't do that with a PIX. You could do it with a router and a route map.
10-24-2008 10:05 AM
So would I need 2 Firewalls then, for each ISP connection?
Also is a layer 3 Cisco switch able to route map?
10-24-2008 10:41 AM
Correct, you need two firewalls.
Yes, you can route-map with an L3 Cisco switch.
You would use the route map with an extended access-list to push the traffic to the specific firewall. Google "cisco route-map" for examples.
10-24-2008 10:42 AM
If you want to differentiate traffic flows then yes. You could use one router and connect to both ISPs and do the route map (as well as firewall services). I believe that route map support on L3 switches depends on the platform and the Enhanced Image IOS.
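For reference, here is what the route-map approach the replies describe looks like as an IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface name, VLAN and all addresses (192.168.10.0/24 inside, 198.51.100.1 as the ISP_1 next hop, 203.0.113.2 as the ISP_2 next hop) are constructed placeholders and must be replaced with your own. It steers TCP 80 and 443 from the inside LAN to ISP_2 and lets everything else follow the normal default route to ISP_1.

```cisco
! Extended ACL selecting only web traffic from the inside LAN.
! Anything not permitted here is NOT policy-routed and uses the routing table.
ip access-list extended WEB_TO_ISP2
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
 permit tcp 192.168.10.0 0.0.0.255 any eq 443
!
! Route map: matched packets get their next hop overridden to the ISP_2 side.
! (constructed next-hop address)
route-map PBR_WEB permit 10
 match ip address WEB_TO_ISP2
 set ip next-hop 203.0.113.2
!
! Apply the policy on the interface where inside traffic ENTERS the L3 device.
! (constructed interface and address)
interface Vlan10
 description Inside LAN
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PBR_WEB
!
! Normal default route: all non-web traffic still leaves via ISP_1.
! (constructed next-hop address)
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

After applying it, `show route-map PBR_WEB` shows the policy-routing match counters, which is the quickest way to confirm that web flows are actually being diverted rather than falling through to the default route. Two caveats a practitioner will want: on some Catalyst L3 switches PBR is only available with a routing-oriented SDM template (`sdm prefer routing`, requiring a reload) and the appropriate feature image, which is the platform dependency mentioned above; and because each ISP path terminates on its own stateful firewall with its own NAT, return traffic for a given session naturally comes back through the firewall that originated it, so the split does not create asymmetric-flow problems as long as a session is never moved between paths mid-stream.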