Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Pix 515 with 2 Internet Providers

I have a client that has installed a second Internet connections and terminated it to their PIX. On the original connection they want to continue to use if for all the established connections. On the new connections they want to be able to advertise a Citrix farm for external users and remote offices without having to share the bandwidth for other services. Any thoughts on how to advertise 2 sets of external IP address ranges from the PIX and then be able to NAT them to internal hosts?


Re: Pix 515 with 2 Internet Providers

Hello Timothy,

will the citrix farm be accessed only by specific IP ranges of your office or through internet also ? If it will be accessed by your remote offices only , then you can do the following:

terminate the second link on the dmz interface.. i assume that the main link is on the ouside.. have the default route on the outside interface for internet access. you would have already dont a PAT for the inside users with the IP address of ISP 1 for this case.. You can then NAT the citrix IP onto the DMZ interface with ISP 2 IP address... You can add static routes for the remote offices throgh the second router on the DMZ...

If it is going to accessed by guys in internet also, then i dont think PIX supports multihoming !!! you have to use a router on the external interface to run BGP and get multihoming done !!!

Hope this helps.. all the best.. rate replies if found useful..


CreatePlease to create content