10-24-2008 08:13 AM - edited 03-11-2019 07:02 AM
I have a PIX 515e firewall with 3 interfaces (Inside, ISP_1, ISP_2). I currently have everything routed to ISP_1, but I would like to route all web browsing traffic (port 80 and 443) to ISP_2 and have all other traffic continue out ISP_1.
I have set up an ACL specifying all traffic going to 0.0.0.0 on port 80 and 443 to use ISP_2. But for some reason, when I do that, that ACL rule reverts to ISP_1. I am using the PIX PDM GUI.
Also, I do not have a static route defined for the ISP_2 interface, only an ACL. I am not sure how to define that route since I already have one for ISP_1. Would it be something like this?
<local network> <Local subnet> route to <ISP_1>
<local network> <Local subnet> route to <ISP_2>
I am not sure how the above would work. I still want all non port 80 and 443 traffic to go out through ISP_1.
Your help is appreciated.
10-24-2008 08:29 AM
I'm afraid you can't do that with a PIX. You could do it with a router and a route map.
10-24-2008 10:05 AM
So would I need 2 Firewalls then, for each ISP connection?
Also is a layer 3 Cisco switch able to route map?
10-24-2008 10:41 AM
Correct, you need two firewalls.
Yes, you can route-map with an L3 Cisco switch.
You would use the route map with an extended access-list to push the traffic to the specific firewall. Google "cisco route-map" for examples.
10-24-2008 10:42 AM
If you want to differentiate traffic flows, then yes. You could use one router and connect to both ISPs and do the route map (as well as firewall services). I believe that route map support on L3 switches depends on the platform and the Enhanced Image IOS.
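For reference, here is what the policy-based routing the answers describe would look like on a Cisco IOS router or L3 switch. This is an added example, not configuration posted by anyone in the thread; the interface names, LAN subnet and the two ISP next-hop addresses are assumed placeholders.

```cisco
! Constructed example: extended ACL matches only HTTP/HTTPS from the LAN.
! Everything the ACL does not permit falls through to normal routing.
ip access-list extended WEB-TO-ISP2
 permit tcp 192.168.1.0 0.0.0.255 any eq 80
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
!
! Route map: traffic matched by the ACL is sent to the ISP_2 next hop
! (203.0.113.1 is an assumed placeholder for the ISP_2 gateway).
route-map PBR-WEB permit 10
 match ip address WEB-TO-ISP2
 set ip next-hop 203.0.113.1
!
! Apply the policy on the LAN-facing interface (assumed name); PBR acts on
! traffic entering this interface, so it must sit on the inside side.
interface GigabitEthernet0/0
 description Inside LAN (assumed)
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map PBR-WEB
!
! Default route keeps all non-web traffic on ISP_1
! (198.51.100.1 is an assumed placeholder for the ISP_1 gateway).
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

Because web sessions leave via ISP_2 while everything else leaves via ISP_1, each ISP-facing interface needs its own NAT so that return traffic arrives on the same path the session left on; otherwise a stateful firewall behind the router will drop the asymmetric replies.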