Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Firewall interfaces

Say you have three interfaces on a firewall such as a PIX. Two of the interfaces are WAN links, (broadband internet access, different ISP's) and one is your LAN. The LAN interface address is what your LAN uses as its gateway. What determines which WAN interface internet traffic initiated form the inside goes to, assuming you permit the web traffic for both?

Would you have to choose which one by setting up NAT, Routes, etc, or could you enable LAN users to access both, thereby having a failover option in case one WAN link goes down?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Firewall interfaces

You would setup one as primary ISP link and the second one as a backup. You cannot load balance traffic out both interfaces. Point the default route out via the primary link and another default route with a higher admin distance via the second link. Set NAT rules and may want to configure IP SLA to track the availability of the next hop via the primary link.

HTH

Sundar

3 REPLIES

Re: Firewall interfaces

You would setup one as primary ISP link and the second one as a backup. You cannot load balance traffic out both interfaces. Point the default route out via the primary link and another default route with a higher admin distance via the second link. Set NAT rules and may want to configure IP SLA to track the availability of the next hop via the primary link.

HTH

Sundar

New Member

Re: Firewall interfaces

Very good thanks!! I'll start figuring that out.

New Member

Re: Firewall interfaces

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

This is it here. Unfortunately I dont think think my 6.2 ver PIX supports it. UGH.

208
Views
4
Helpful
3
Replies