Cisco Support Community

PIX 515E-restricted, are multiple 'outside' ports possible

We currently have 2 firewalls at our site, each w/ their own public IP. One is a SonicWall (used for VPNs for a specific department as required by a 3rd party) and the other is a Cisco PIX 515E - restricted (used for other VPN connections and all other Internet traffic). I'm looking at installing another Internet line from a different ISP as a backup. The SonicWall allows a 2nd WAN port for failover, but I'm not sure about the PIX 515E. It appears that I can install another ethernet interface, but can it be used for a WAN (2nd 'outside') interface? Or only for a DMZ interface? If I can't use this other ethernet interface, can I set another default route that could send traffic to the SonicWall if and only if the current outside interface (ISP) was down? My preference would be to utilize the SonicWall as I currently only allow some VPN traffic through that firewall. Any other options available using my PIX firewall?




Re: PIX 515E-restricted, are multiple 'outside' ports possible

Yes, you can have multiple outside ISP interfaces, but the problem is that there is no way for the PIX to detect that the first ISP link is down if the link is not physically down. For example, if the ISP has troubles a few hops away.

But you could always manually change the default route, or shut down the first interface so that the second route would be used, or use the BGP routing protocol with your ISP.

The last way is to purchase a Link Controller (Loadbalancer) that is able to do that directly instead of doing this on the firewalls.


