I have a PIX with two ISP connections, each arriving on a different PIX interface. ISP1 is the default route for the PIX. If I receive a connection to an internal server through ISP2 (the non-default route), does the PIX answer this client through the same connection (ISP2) or through the default route (ISP1)?
I'm trying to reach an internal web server through ISP2 and I can't. If I put a static route in the PIX to the ISP2 client's IP through the ISP2 router, I can. But I can't set advanced routes in the PIX (based on source IP address), so how can I solve this problem? I want to set one ISP for navigation and the other one for my servers (web, e-mail, ...).
This will depend on where the connection originates and where it ends. If the connection is originated by the PIX or by some internal client, it will go through the default route (ISP1), but the return traffic may come from any of the ISPs. If the incoming traffic is coming from any ISP, it will always leave through the default route (ISP1), but this will depend on traffic type.
The only way I've gotten something like this to work was to use 1 ISP for default route communications (i.e. Internet access), and the 2nd ISP for statically routed connections (i.e. VPN site-to-site tunnels).
Alternatively you can use a Cisco IOS router and connect both ISPs into it upstream from the PIX and then use policy routing on the Cisco router to route traffic in/out each ISP based upon the source IP address. Then you control which ISP is used based upon what IP scheme you NAT into on the PIX. I've done this before and it works fine.
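The policy-routing design described in the reply above, written out as an added example that is not part of the original thread or the poster's own configuration. Interface names, the route-map name `SELECT-ISP`, ACL number 110 and all addresses (documentation ranges) are assumptions chosen for illustration.

```cisco
! Constructed addressing, all values are assumptions:
!   ISP1 link 192.0.2.0/30,    gateway 192.0.2.1     (default route, browsing)
!   ISP2 link 198.51.100.0/30, gateway 198.51.100.1  (published servers)
!   PIX outside interface is 10.255.0.2 on the transit link behind Gi0/2
!   PIX translates servers into 198.51.100.16/28 (ISP2 space)
!   PIX translates browsing clients into 192.0.2.16/28 (ISP1 space)
!
interface GigabitEthernet0/0
 description Uplink to ISP1
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Uplink to ISP2
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/2
 description Transit link to PIX outside
 ip address 10.255.0.1 255.255.255.252
 ! Policy routing is applied to packets arriving FROM the PIX
 ip policy route-map SELECT-ISP
!
! Normal destination-based routing: default via ISP1,
! and both translated pools routed back to the PIX
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 192.0.2.16 255.255.255.240 10.255.0.2
ip route 198.51.100.16 255.255.255.240 10.255.0.2
!
! Match packets whose source is in the ISP2 translated pool
access-list 110 permit ip 198.51.100.16 0.0.0.15 any
!
! Send those packets to the ISP2 gateway instead of the default route
route-map SELECT-ISP permit 10
 match ip address 110
 set ip next-hop 198.51.100.1
!
! Packets that match no route-map entry are routed normally (ISP1)
```

After traffic has flowed, `show route-map SELECT-ISP` shows the match counters for the ISP2 entry, and `show ip policy` confirms which interface the route-map is bound to.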