Hello,
If you have two ISP connections and you would like to use both of them until
they are active, you can certainly do that. Normally, the firewall allows
only one default route and the other one need to be used as a backup route.
However, through a workaround, you could send a specific traffic type
through the other link. Also, if you just want to test, you can add specific
route statements on the pix sending traffic destined to specific
hosts/network through the second link. Check the following examples:
If you would like to send traffic destined to specific host/network via second link:
--------------------------------------------------------
global (outside2) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0
route outside2 64.1.1.0 255.255.255.0 route outside2 100.1.1.1 255.255.255.255
If you would like to use the second ISP as a backup link:
--------------------------------------------------------
global (outside2) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 1 track 1 route outside2 0.0.0.0 0.0.0.0 254
sla monitor 123
type echo protocol ipIcmpEcho interface outside num-packets 3 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
If you would like to send specific traffic type via second link:
-----------------------------------------------------------
route outside 0.0.0.0 0.0.0.0 1 route outside2 0.0.0.0 0.0.0.0 254
static (outside2,inside) tcp 0.0.0.0 80 0.0.0.0 80 netmask 0.0.0.0
global (outside2) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
Hope this helps.
Regards,
NT
