We now have multiple outside interfaces - different ISPs. The plan is to have one interface handle all web traffic (we will call that outside1) - the other, VPNs (outside2).
To handle this - I figured I'd set the default route to use the ISP on outside1. All VPN routes would have their routes defined to use outside2.
Inbound connections to the SSL VPN concentrator, however, are coming into outside2.
Will there be an issue with that because the default route points to outside1? Or does the PIX know that since an inbound connection came on outside2 - use outside2 no matter what the def. route says?
On the firewall I don't do anything different other than use 2 different IP addresses (not interfaces); then I use policy routing (route map) on the Internet access routers: the default gateway recognizes the kind of traffic (by source) and applies a policy route.
I mean that all outgoing traffic has src IP A and the VPN traffic has src (or dest) IP B. The router looks at the src: if the IP is A, then policy-route (and then NAT) the traffic to ISP A; if it is coming from IP B, don't NAT (otherwise the VPN doesn't work), and forward to ISP B.
A lot of things must be tuned, but this way I use 2 different ISPs, as with 6.3 the PIX doesn't support multi-homed Internet access.
I realize that to do what I'd like to do, I'll need a router on the outside. Was hoping I could do a 'bit' more with the PIX itself - since there is so much configured with a single ISP connection terminated directly on that outside interface. To add a router would drastically change the config. Guess I'm going to have to gear up for it sometime soon.
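One way the source-based policy routing described in the reply above could look on a Cisco IOS edge router, as an added example that is not part of the original thread. All addresses (RFC 5737 documentation ranges), interface names, ACL numbers and the route-map name BY-SOURCE are assumptions, as is the premise that IP B belongs to a block ISP B routes to this site.

```cisco
! Constructed values (assumptions, not from the thread):
!   IP A = 203.0.113.18  firewall address for general outbound traffic
!   IP B = 203.0.113.19  firewall address for VPN traffic (routable via ISP B)
!   ISP A next hop = 198.51.100.1, ISP B next hop = 203.0.113.1
!
interface FastEthernet0/0
 description Segment facing the firewall outside interface
 ip address 203.0.113.17 255.255.255.240
 ip nat inside
 ! Apply policy routing to packets arriving from the firewall
 ip policy route-map BY-SOURCE
!
interface Serial0/0
 description Uplink to ISP A (NAT happens only on this exit)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface Serial0/1
 description Uplink to ISP B (no NAT, so IPsec peers see IP B unchanged)
 ip address 203.0.113.2 255.255.255.252
!
! ACL 101 = traffic sourced from IP A, ACL 102 = traffic sourced from IP B
access-list 101 permit ip host 203.0.113.18 any
access-list 102 permit ip host 203.0.113.19 any
!
route-map BY-SOURCE permit 10
 match ip address 101
 set ip next-hop 198.51.100.1
!
route-map BY-SOURCE permit 20
 match ip address 102
 set ip next-hop 203.0.113.1
!
! Translate only IP A, and only when it leaves through ISP A
ip nat inside source list 101 interface Serial0/0 overload
!
! Anything that matches neither ACL follows the normal routing table
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

On the router, `show route-map BY-SOURCE` shows per-clause match counters and `show ip nat translations` confirms that only IP A is being translated.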