Multiple outside interfaces on PIX and loadbalancing
I must admit that i am not an expert on PIX...but i have a question..Can you have 2 outside interfaces on the PIX???
I have a PIX with an outside interface connected to a router with a link to an ISP. Can i have another outside interface ex.Outside1 which connects to another router with a link to another ISP??? I want to do loadbalancing to these 2 ISPs.
Can i do loadbalancing using static routes???
Can i do policy routing on the PIX??? For example...i want traffic from some inside hosts to go out to one ISP and the traffic from remaining hosts to go via another ISP.Is this possible???
Would be of great help if someone could point out some documents where i can get the above info.
Re: Multiple outside interfaces on PIX and loadbalancing
In PIX IOS version 5.2 and higher, you can have an interface other than e1 as the outside interface. Also, though not a Cisco recommended (or TAC supported configuration), two interfaces can have the same security level. Based on these facts, I think it just might be possible (though I have not verified it or come across such a setup). On the other hand though, you could certainly have an additional interface (say e2), name it something like 'outside-2', assign it a security level, say 5, and use it to connect to your second ISP. You can certainly load balance on these links using static routes. You could configure outbound traffic to certain IP's over one interface, while directing another set of packets, based on their destination IP, to the other ISP.
Strictly speaking though, this is not the best way of doing things. A better way of doing things would be to deploy a perimeter router (on the PIX outside interface) and multihome it. Then you could make use of a large range of Cisco solutions for load balancing over the links.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :