I have a difficult situation here. On my pix i have 3 different upstream service provider's IP Addresses.
We have a number of VPN users and we distribute users on three ISP's accordingly (by priority, bandwidth , latency etc..)
PIX has default gateway of Service Provider 1
VPN users are using another local ISP to connect to our PIX. But they are unable to connect via IP's of SP#2 and SP#1 untill we route the Customer IP's via that interface. (We were doing it till today)
Now we are in a situation, TWO VPN USers from a same ISP (local) needs to connect to different interface of our PIX. IP's of both users is dynamic so we cannot add static route towards both interface.
Is there any solution to this, like when user tries to connect VPN on interface of PIX, its traffic should be routed via same interface, without any sttaic route.
I'm sorry to say it, but you'll have to redesign your network a little bit to do this. As you know the PIX doesn't support more than one default gateway.
If you could shed some light into how your network is built, ie. a drawing of how the ISP's are connected to your PIX, with IP-ranges etc. (you could make up some new 'fake' addresses to hide this from the forum), we could possibly help you in designing a new network with as few modifications as possible.
Basically a router in front of the PIX with some clever policyrouting should do what you want, but to give you the details, I'll have to have a more understanding of your network.
um this is good approach , but i am unclear how to nat my PIX via router reversely. LIke if packet comes in on one service provider, its natted into the POOL and then forwarded to the PIX (How forwarded ?? this is unclear , like a static NAT ??).
i have Public IP's from service providers and would like to use one specific say 18.104.22.168 that users dial on this. your help would be great.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...