I am pretty sure you can only have one "outside" interface ...
To achieve what you want, I would think you could connect it to an
intermediary router and let the *it*
make the routing decisions between which ISP traffic goes to ...
Thanks!
TJ
(2 * PIX = Pices?)
-----Original Message-----
From: Andras Bellak [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 02:07
To: [EMAIL PROTECTED]
Subject: RE: Pix with 2 different ISPs [7:5349]
Have you tried putting a default route in for both of the cards? Will the
pix accept it? I don't have a pix with two Outside cards, just one outside
and one DMZ, and my lab system is in the middle of a different experiment.
If you could do each interface with a seperate default route, you might make
it work. The PIX knows what interface a packet came in from, and should put
the exiting packet back on the same wire it came in on. I'd be curious.
Might have to try that one tomorrow.
Tai Ngo wrote:
>
> Hi All,
>
> Can somebody tell me if this is possible? If so, please provide
> configuration details. We have 2 ISPs, one that is
> 204.23.23.x and the
> other is 205.23.23.x. We have 2 Pix firewalls, one which is
> configured
> for active with both outside interfaces. The other pix is
> configured as
> standby. Will the Pix firewall be smart enough to know how to
> route
> traffic back out the network it came from? For example, if a
> user came
> into our website from 204.23.23.x , will the Pix know how to
> route the
> info back out that interface instead of through the 205.23.23.x
> network?
>
>
> My guess is it's not possible because when you look at the
> configuration
> on the Pix, to route info outside, you would use "route 0.0.0.0
> 204.23.23.x 1" .
>
> Thanks!
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5415&t=5349
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
