Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

2 ISPs and a PIX 515

We've recently added a new Internet connection from a different provider (T1) to our network. Eventually, we're planning to move our Internet usage completely to the new connection, but in the mean time, I'd like to leave the statics the way they are on the existing connection but utilize the new T1 for our users browsing the Internet. As the PIX doesn't allow for two "outside" interfaces or any sort of policy-based routing I have the new Internet connection terminated at the 2610 router we had been using for the initial Internet T1. My hope was that I could use route mapping to grab the traffic coming from the PIX with the dynamically NATted IP address for Internet bound traffic, NAT it again with an IP address suitable for the new Internet connection, and send it out the new interface.

First of all, does this sound OK? Early attempts seem to fail, but I'm not completely sure of the appropriate config to make this happen. With the dynamic NAT on the PIX, will NATting that single IP address on the router again work? What routing issues do I need to address? Should I be looking at doing this in some other way?

Any thoughts at all would be appreciated!

Thanks!

1 REPLY
Silver

Re: 2 ISPs and a PIX 515

If you deploy a router between the WAN link and the FW. And the FW carry tha NAT, I believe it can't work in this case. It was because the FW cannot carry the NAT to two providers.

So I suggest to enable the NAT at the 2610 instead of the FW. Then the inside traffic is belonging to the internal network address then the 2610 respond to translate it to corresponding outside (ISP) address.

You are correct that only if there are two outside interfaces from PIX. Otherwise, it can't work. Please advise if I misunderstood the case.

Hope this helps.

96
Views
0
Helpful
1
Replies
CreatePlease to create content