Cisco 515 PIX - Can I do this?

gavinspurling · ‎01-29-2004

Hello,

We currently have an ADSL connection with a ZyWall firewall with has limited upstream bandwidth. What we would like to do is to get an additional SDSL connection with 1MB in both directions that we can use just for hosting our mail server/vpn usage. General office usage would still be over the ADSL line, rather than the SDSL.

Our current ZyWall only supports one external WAN IP address. What I would like to do is have both the SDSL and ADSL routers connect to the 515 (via a switch/hub), and then have the 515 do NAT with one gateway address for our private lan on the ADSL, and setup a DMZ for the mail/vpn that used the SDSL. Does this make sense, and Is this possible?

baileja · ‎02-01-2004

Yes it makes sense and is possible.

jksnook · ‎02-02-2004

I would also like the solution to this scenario. Can you forward me the fix for this?

Thanks,

Jason

jason.snook@btasystems.com

shannong · ‎02-02-2004

Actually, this won't work so easily as it sounds. The Pix can only use a single default gateway. It also doesn't yet support source-based routing. Therefore, you won't have a mechanism to tell the Pix when to send the traffic out the SDSL vs ADSL even though you're NAT rules may perform what is necessary on the Pix. You'll need an intelligent routing device between the pick and the SDSL/ADSL connections.

Also, the return traffic will have to be contended with for inbound connections. In otherwords, the Pix will need to know to send the traffic back out the same circuit it was initiated on. One way to accomplish this is with source NAT on the external routers.