I've been reading on this but can't find any answers...
PIX 515 with 3 ethernet
inside - ethernet
outside - leased line
adsl - adsl line
The leased line and adsl line are from different providers, and therefore have different address ranges and gateways. I can't see any way to decide to use the adsl as a backup to the leased line. Can anyone here?
The only uses I could see were:
1. apply the isakmp map to the adsl to allow incoming VPN across either interface
2. define a static nat from the proxy server to go out via the adsl. This leaves the site with some users on direct connection via leased line, and some via proxy on adsl.
You can't do load-balancing on the PIX unfortunately. As you've discovered, you can only have one default route pointing out one interface, so there's no way to send specific traffic outbound and ensure that it's going out the right interface.
If, however, you only want VPN traffic to come in over the ADSL and send all other user traffic on the outside interface, then this could be done. You'd just add a static route for the remote IPSec peer and point it out the ADSL interface, and your default route would point out the outside interface. Your remote IPSec peer would then point to your ADSL interface address and everything should go fine.
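The setup described in the reply above, sketched as a PIX OS 6.3 configuration fragment. This is an added example, not part of the original thread: the interface numbering and security level, every address (documentation ranges), the ACL, crypto map and transform-set names, and the AES/SHA policy are assumptions.

```cisco
: Added example. All names and addresses below are constructed placeholders.
: Assumed layout: ethernet0 = outside (leased line), ethernet1 = inside,
: ethernet2 = adsl.
nameif ethernet2 adsl security10
ip address outside 192.0.2.2 255.255.255.0
ip address adsl 198.51.100.2 255.255.255.0

: Single default route: all ordinary user traffic leaves via the leased line.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

: Host route for the remote IPSec peer only, pointed out the ADSL interface,
: so IKE/ESP replies leave the same interface they arrived on.
route adsl 203.0.113.10 255.255.255.255 198.51.100.1 1

: Traffic to protect: local LAN to remote LAN, exempted from NAT.
access-list vpn-traffic permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list vpn-traffic
sysopt connection permit-ipsec

: Phase 2 proposal and crypto map, bound to the adsl interface, not outside.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map adsl-map 10 ipsec-isakmp
crypto map adsl-map 10 match address vpn-traffic
crypto map adsl-map 10 set peer 203.0.113.10
crypto map adsl-map 10 set transform-set ESP-AES256-SHA
crypto map adsl-map interface adsl

: Phase 1: IKE is enabled on adsl only, with a key scoped to the one peer.
isakmp enable adsl
isakmp key <pre-shared-key> address 203.0.113.10 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400
```

The remote peer must be configured with the ADSL interface address (198.51.100.2 here) as its tunnel endpoint, and the remote LAN (10.2.2.0/24 here) needs its own route out the adsl interface if it is not otherwise reachable that way.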