i have a 515E pix firewall and installed with 1 ISP and exchange in a dmz ZONE . Now the senerio has changed that i have the internet access to 2 ISP . what will be the configuration now , i heared about multihome box . how i will use in fornt of firewall ??
tell me what is this multihome and how to configure with 2 ISP .
Multihoming is a term used to describe a setup where your network is connected to more than one ISP's and is not PIX specific.
Ideally speaking, you should treat the PIX firewall as a on/off (electrical) switch on a cable which switches on or off depending on the traffic it has been configured to permit. While multihoming, you need to focus on the routers and configure them to be able to exchange routing information and fall back to the backup route when the primary fails (or load balance as required). The PIX in this case will merely be configured to allow the routing information to pass through. Please see the example at http://www.cisco.com/warp/public/459/BGP-PIX.htm to see how this is done. A word of caution though. Configuring the network as shown in the example above is not exactly the best design. For a PIX to function properly, the incoming packet should pass through the same PIX as the corresponding outgoing packet had gone out through. This might not always happen in this multihomed network. Playing with the AS-Path attribute does help but you might need some additional configuration.
I have done this on numerous installations to provide more bandwidth / failover links / multiple redundant paths for inbound / outbound services. Usually, we do this with private addressing on all sides of the PIX (inside, outside, dmz etc) and then use IP CEF with a combination of dynamic and static NAT on the external router to utilise both / all links (have done this with 4 links outside the PIX). It's all pretty simple to do - if you need more help then what I have said above, let me know.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...