Hello every one,
I currently have a PIX 515 6.3 set up in the following way
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 outside2 security50
nameif ethernet3 outsied3 security50
I have all my published services(http, smtp.. etc) on public IP of interface Outside.
All users internet traffic also uses this interface.
Outside2 is used for our VPN Inter-office traffic.
global (outside) 1 interface
global (outside2) 1 interface
global (outside3) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 192.168.80.0 255.255.255.0 0 0
static (inside,outside) tcp x.x.x.107 www 192.168.80.4 www netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.107 smtp mail01 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.107 https 192.168.80.4 https netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.108 192.168.80.6 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.109 192.168.80.12 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 x.x.x.105 1
route outside2 z.z.z.16 255.255.255.248 z.z.z.241 1
route outside2 z.z.z.232 255.255.255.248 z.z.z.241 1
route outside2 z.z.z.192 255.255.255.248 z.z.z.241 1
I would like that all our internal users traffic use Interface Outside2.
this is what i have done so far.
i have changed the default route:
no route outside 0.0.0.0 0.0.0.0 x.x.x.105
route outside2 0.0.0.0 0.0.0.0 z.z.z.241.
all users can navigate on the internet fine.
the problem is that no one can reach our public ip address on interface outside after this change.
I think the problem could be that when te trafic gets translated to the internal ip address then it goes back to the pix and gets out whit interface Outside2 IP
Can any one give me a hand whit this.
thanks very much for your time