
Can this be done?

Hi all:

I currently have a T1 connection coming into a Cisco 1700 router and a PIX 515. I wanted to add a DSL modem for internet access only. My first plan was to add another router and add routes on that (the Cisco 1700 isn't our router and I do not have access to it). But someone suggested the following: could I attach the DSL to another interface on the PIX and direct all internet traffic through that, and only VPN traffic through the T1 (connection only used for office work)?

Thanks for any info!


Re: Can this be done?

I think it's doable.

For the existing T1, which is connected on the Outside interface, set a specific route to the VPN peer IP address. Apply nonat here as well. Make sure the ACL correctly identifies the source and destination network addresses. Do not configure 'global' here.

For the new DSL, connect to the e1 interface @ DMZ. Set the default route via this interface. Tie the nat & global statements together, defining/allowing the internal segment to start connections and use the DMZ to go out to the internet (as global IP). Make sure you have the necessary ACL to allow who/what can go in/out via permitted tcp/udp protocols.
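
The layout described in the reply above, sketched as a PIX configuration fragment. This is an added example and not part of either post: it assumes PIX 6.x-style `nat`/`global` syntax, interfaces already named `outside`, `inside` and `dmz` with `nameif`, and an existing crypto map already applied to `outside`. Every address, the ACL names `nonat` and `inside_out`, and the permitted ports are constructed placeholders.

```cisco
: Constructed addressing, not taken from the thread:
:   inside LAN      192.168.1.0/24
:   remote VPN LAN  10.20.0.0/24, VPN peer 203.0.113.10
:   T1 next hop     198.51.100.1 (reached via outside)
:   DSL next hop    192.0.2.1    (reached via dmz)

: --- T1 / outside: VPN traffic only ---
: Exempt LAN-to-remote-LAN traffic from NAT ("nonat").
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0
nat (inside) 0 access-list nonat

: Host route so the tunnel endpoint is always reached over the T1.
route outside 203.0.113.10 255.255.255.255 198.51.100.1 1

: Assumption beyond the reply: the protected remote subnet is also routed
: via outside. Otherwise packets for it follow the default route to dmz,
: never hit the crypto map on outside, and leave unencrypted.
route outside 10.20.0.0 255.255.255.0 198.51.100.1 1

: --- DSL / dmz: general internet access ---
: Remove any existing default route on outside before adding this one.
route dmz 0.0.0.0 0.0.0.0 192.0.2.1 1

: Tie nat and global together with the same NAT ID; PAT to the dmz address.
nat (inside) 1 192.168.1.0 255.255.255.0
global (dmz) 1 interface
: Deliberately no "global (outside) 1 ...": nothing is translated onto the T1.

: --- Restrict what the inside segment may initiate ---
: VPN traffic must be permitted too once an ACL is bound to inside.
access-list inside_out permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list inside_out permit udp 192.168.1.0 255.255.255.0 any eq 53
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-group inside_out in interface inside
```

After applying a layout like this, `show route` and `show xlate` are the quickest checks that internet sessions are translated on `dmz` while traffic to the remote LAN leaves `outside` untranslated.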


