I am new to PIX - Can a PIX 515 support more than 1 ISP router connected to it? If so, how could I allow 5 local hosts to only connect to the new ISP and the rest of my LAN connect only to the existing ISP? Thx for any help.
First, you will need to create separate global and nat statements for each inside group. Use 'nat 1 ..' to map one inside group to a 'global 1' outside address range for one ISP. Use 'nat 2' and 'global 2' to map the other users to the second ISP range. You have to be able to separate the hosts by subnet to do this.
Next, one of your outside routers will need to be able to do source address routing. With Cisco routers, this is done with route-maps and policy based routing. Configure it to send packets with a source address from one global pool to its ISP and from the other global pool the matching ISP.
This can be a major pain. If your ISP provides the routers, or they're small soho routers, it may not be possible at all. I found it easier to do the policy routing in my core router and send the traffic out two different firewalls. A little 501 or 506 can easily handle 5 users, are fairly cheap.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :