We are thinking of adding a second ISP link to our environment. I wanted to find out if it was possible to use policy-based routing on PIX to send all SMTP traffic through ISP A (on int2) and all other Internet traffic through ISP B (on int3).

After posting my message I realized that I forgot "PIX Rule #1": "PIX's do not route."

Perfect Raju,

PBR can be implemented in CISCO routers.

In PIX HTTP traffic source IP's can be NATed with ISP-A pool and SMTP traffic source IP's can be NATed with ISP-B pool (from inside interface to outside interface )and then do a policy based routing in the router based on the source IP address to forward to the respective WAN link.

Which will also give control over the inbound traffic from internet to come via the same ISP, through which the outgoing was sent.

Exactly Reddy . Currently, we are using one ISP WAN link for SMTP mails , VPN and OWA and other ISP WAN link for Internet access . This was achieved by PBR on Router as PIX does not support Routing and secondary IP also like Router . Now my management insists to configure failover also means in case of Internet ISP link is down , internet users should switch over through SMTP ISP link automatically .In that case , is it something to do Router configuration or I can create one more static from iside to outside on pix for proxy IP address pointing to one of the public IP in SMTP IP address range .

Regards,

Raju

Well,regarding the ISP redundancy you are looking at, this is something tricky.

If you have NATed proxy server IP to ISP-A IP pool already in PIX, PIX will not allow second NAT from the same source IP (either ISP-B pool/ISP-A pool).

For this senario, you may have to use NAT in the ISP-B router for the souce IP from ISP-A IP pool.