We are currently running off of a single MIS T1 and have a Pix 515E and a Cisco 2800 Series router.
We have ordered and received a new Dual-T1 MIS.
I added 2 serial cards to my 2800 and an additional Ethernet port to my Pix 515E.
Our existing MIS T1 handles our VPN & Internet Email and we'd like to consolidate it to that purpose as well as being the primary connection for our main campus. The two additional lines we'd like to have the rest of the remote branch offices (all connected via T1s or partial T1s) utilize.
Attached are the Sample Configs and the Versions.
Also attached is an illustration of the physical cabling.
The documentation I am finding indicates I may need another router or firewall.
"When you have three or more interfaces in your firewall only one default route is permitted"
Does anyone know how I would go about doing this?
I, too, had a similar situation about a year ago. I decided to use routing policies on the router outside of the PIX. Basically, build access lists to define the traffic you want to route, then send it out the interface you want.
I had written up a little piece on my blog, but it's currently "down" for the moment.
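The approach described in the reply above (access lists to select traffic, then a policy that sends it out a chosen interface), written out as Cisco IOS policy-based routing. This is an added example, not the poster's configuration; the ACL number, route-map name, address range and interface names are all assumptions.

```cisco
! Constructed example: every address and interface name below is an assumption.
! 10.20.0.0/16             = address range standing in for the branch offices
! FastEthernet0/0          = router interface on which the selected traffic arrives
! Serial0/1/0, Serial0/2/0 = the two new T1 serial interfaces

! 1. Define the traffic to be policy-routed.
access-list 110 remark Traffic sourced from the branch-office range
access-list 110 permit ip 10.20.0.0 0.0.255.255 any

! 2. Send matching traffic out the new T1s. With two interfaces listed,
!    the router uses the first one that is up.
route-map BRANCH-T1 permit 10
 match ip address 110
 set interface Serial0/1/0 Serial0/2/0

! 3. Apply the policy where the traffic enters the router.
!    Packets that match no route-map entry follow the normal routing table.
interface FastEthernet0/0
 ip policy route-map BRANCH-T1

! Verify from exec mode:
!   show route-map BRANCH-T1   (the policy routing match counters should increase)
!   show ip policy             (lists the interfaces with a route-map attached)
```

Because unmatched packets fall through to the routing table, the existing default route on the original T1 keeps carrying everything the ACL does not select.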
You can configure PBR in the router, as Arron suggested.
For the firewall, yes, I believe it supports only one default route, so you have to configure static routes for the remote sites. I would suggest not configuring a default route unless there is a need, and configuring static routes for all sites (including main and remote branch). This is because the default route will cause all traffic to destinations not on the list to be forwarded to the default path, e.g. a virus attack or port scan. So using static routes is better.
For a simpler solution, you can just implement a dynamic routing protocol at the routers, and using one outside interface at the firewall is fine. Let the router determine the path and the firewall only examine the packets.
If it is not your preferred solution, please advise of the limitation.
Hope this helps.
According to my proposal, you can use only one outside interface at the firewall and configure static routes or dynamic routing at the router.
Please advise of the reason and requirement if you insist on using two outside interfaces at the firewall.
This is because even if you set up the static route at the firewall, you still need to set up a corresponding static route at the router, since the two firewall outside interfaces terminate at the same router. If they terminated at different routers, the static route at the firewall might be useful.
Do you mean upgrading the PIX to OS 7 for the dual static routes?
Could you please advise why the PIX is required to have two outside interfaces connected to the same router?
This is related to the limitation on the PIX; it is a design issue. I believe upgrading the OS of the PIX cannot solve a design issue. Please feel free to let us know the details, then we can propose a suitable solution.
Hope this helps.