It's possible with PIX vlan feature. But your PIX515 license - is it loaded with Restricted (R) or UnRestricted (UR)? You might need to check max number of permitted logical interfaces from the url below:
Basically, what you need is to have vlans in both on the outside and inside interfaces. Each interface will host 2 vlans. Example:
-physical interface: vlan10 (for ISP1)
-logical interface: vlan11 (for ISP2)
-physical interface: vlan100 (internal vlan#1)
-logical interface: vlan101 (internal vlan#2)
*By default, PIX support Dot1Q for trunk encap.
Assign IP, security level and name to all these interfaces. Same goes to ACL, nat/global, static map & routing.
For Outside connectivity, you need to connect the outside interface to a switch with trunk enable (use dot1Q for encap). Create 2 x Vlans (vlan 10 & 11) to host/connect 2 connections to your external routers.
Same goes to Inside interface. Get a switch, create 2 vlans (vlan 100 & 101) for 2 segments. Configure the switch port connected to PIX Inside interface with dot1Q encap, and allow only those 2 vlans to traverse through.
All internal clients must point to firewall inside interface IP (vlan 100 & 101) as GW.
Routing (?): define either specific route to both Outside physical and logical interfaces.
route outside 0 0 isp-router#1 1
route outside 0 0 isp-router#1 2
PIX does not allows 2 default route with same distance/hop count. You need to assign 2 different values, 1 & 2 or any figure you want.
As mentined you could use VLAN but then forget all the rest of my POST or upgrade to PIX OS 7.0 if not allready done ( Plus memory upgarde) then you need an unrestricted license and a Quand FastEthernet NIC card (Finaly you will have 6 Physical interfaces).
Suppose that you have at least 4 physical interfaces:
You could use the multiple context fonction to create virtual independent firewalls in the same box.
But you need probably to buy a license for multiple context mode too.
Physical interfaces will work the same as logical interfaces, the diffrence is you don't need to do any config of switches to make 802.1Q trunks.
additionally you should have PIX OS Ver 7.x to make to outside and two inside (two interfaces with same security level), that 6.3 and earlier do not support mean you can't communicate between two same security level interfaces in 6.3 or earlier.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...