Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX with 2 internet connections


I've been reading on this but can't find any answers...

PIX 515 with 3 ethernet

inside - ethernet

outside - leased line

adsl - adsl line

The leased line and adsl line are from different providers, and therefore have different address ranges and gateways. I can't see any way to decide to use the adsl as a backup to the leased line, can anyone here?

The only uses I could see were:

1. apply the isakmp map to the adsl to allow incoming VPN across either interface

2. define a static nat from the proxy server to go out via the adsl. This leaves the site with some users on direct connection via leased line, and some via proxy on adsl.

The statement:

route (interface) next_hop priority

doesn't seem to allow the PIX to use the adsl line if the leased line becomes unavailable.

Does this all add up?

Cisco Employee

Re: PIX with 2 internet connections

You can't do load-balancing on the PIX unfortunately. As you've discovered, you can only have one default route pointing out one interface, so there's no way to send specific traffic outbound and ensure that it's going out the right interface.

If however, you only want VPN traffic to come in over the ADSL and send all other user traffic on the outside interface, then this could be done. You'd just add a static route for the remote IPSec peer and point it out the ADSL interface, and your default route would point out the outside interface. Your remote IPSec peer would then point to your ADSL interface address and everything should go fine.