Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
0
Helpful
1
Replies

How to configure 2 leased lines in PIX515 E ?

abhyankar
Level 1
Level 1

‎05-14-2008 08:24 AM - edited ‎03-11-2019 05:45 AM

Hello,

Sort of complicated designing task I got. Please have a look at following scenario of mine.

Problem: How to configure 2 leased line on Cisco 515E PIX

Description: In my environment I have

-1 Cisco 1841 router with WIC2-T card.

-1 Cisco 515E PIX

- 1 leased line is already configured and used for VPN access and for internet

Proposed Scenario Need to configure additional leased line to divert HTTP/Internet traffic on new line. Existing VPN will remain on existing link.

Conclusion after Googling:

- I need 6.3.3 version os in my PIX

- Policy based NATing will be used

Doubts After upgrading os will I be able to use Policy based NAT feature for sure? Any1 tried this before? Or shall I purchase additional ethernet card for PIX?

I have configured Public WAN IP on router as usual. And configured fa 0/1 int and connected cable to PIX's 3rd port. Havent configured PIX's 3rd ethernet which is reserved for DMZ. But we are not using DMZ.

Any hints, clues on this ?

Would be glad if you can give an example of Policy based NATing.

Goal is to configure new link in such a way that all HTTP traffic will go through this new line while existing VPN will remain as it is.

Thank you,

Regards,

AmeY.

Labels:
0 Helpful
1 Reply 1

hadbou
Level 5
Level 5

‎05-20-2008 09:07 AM

PIX Firewall Version 6.3(2) introduces Policy Network Address Translation (NAT). Policy NAT allows you to identify both the source and destination addresses in an access list when specifying the local traffic to translate. This feature lets you use different global addresses for each source and destination pair on an interface, even if the source address is the same for each pair. Without policy NAT, you can only specify a single global address for a given source address, because the destination address is not considered. To configure policy NAT, use either the static or nat commands.

Refer the following url for more info on policy NAT:

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113601

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card