any problem? thanks
7401----ISP1
|
Layer 2 Switch--- PIX---Inside Network
|
7401----ISP2
relative config only
PIX:
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 209.165.0.10-209.165.0.14 netmask 255.255.255.248
nat (inside) 2 10.20.20.0 255.255.255.0
global (outside) 2 222..171.201.10-222.171.201.14 netmask 255.255.255.248
static (inside,outside) 209.165.0.9 10.10.10.1 netmask 255.255.255.248
static (inside,outside) 222.171.201.9 10.20.20.1 netmask 255.255.255.248
access-list 101 permit tcp any host 209.165.0.9 eq www
access-list 101 permit tcp any host 209.165.0.9 eq 8080
access-list 101 permit tcp any host 222.171.201.9 eq smtp
access-group 101 in interface outside
ip route 0.0.0.0 0.0.0.0 192.168.0.1
7401A:
interface FastEthernet 0/0
ip address 209.165.0.2 255.255.255.248
!
interface FastEthernet 0/1
ip address 192.168.0.2 255.255.255.0
glbp 10 load-balancing host-dependent
glbp 10 ip 192.168.0.1
ip policy route-map isp
!
access-list 1 permit ip 209.165.0.8 0.0.0.7
access-list 2 permit ip 222.171.201.8 0.0.0.7
!
route-map isp permit 10
match ip address 1
set ip next-hop 209.165.0.1
!
route-map isp permit 20
match ip address 2
set ip next-hop 192.168.0.3
!
7401B:
interface FastEthernet 0/0
ip address 222.171.201.2 255.255.255.248
!
interface FastEthernet 0/1
ip address 192.168.0.3 255.255.255.0
glbp 10 load-balancing host-dependent
glbp 10 ip 192.168.0.1
ip policy route-map isp
!
access-list 1 permit ip 209.165.0.8 0.0.0.7
access-list 2 permit ip 222.171.201.8 0.0.0.7
!
route-map isp permit 10
match ip address 1
set ip next-hop 192.168.0.2
!
route-map isp permit 20
match ip address 2
set ip next-hop 222.171.201.1
!
