Re: Pix with 2 different ISPs [7:5349]

Wed, 23 May 2001 14:31:35 -0700 

I believe you need a router on the outside to determine where the packets
go.  I can't think of how you could get the PIX to route based on source
(there are not route-maps).  All you can do is permit/deny based on
source...

A sort of "load balancing" that you could do for a server would be to bind
two private IPs (each pointing to public IPs from the two different ISPs)
and have DNS point to both public addresses.  That would tend to load
balance the incoming traffic without getting into BGP.

On the external router, you would just use a route-map to determine based on
source address which ISP to route back through.

Mind you there is no redundancy here.  You'll need BGP for that, and even
then you might not get global redundancy.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Tai Ngo""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All,
>
> Can somebody tell me if this is possible?  If so, please provide
> configuration details.   We have 2 ISPs, one that is 204.23.23.x and the
> other is 205.23.23.x.  We have 2 Pix firewalls, one which is configured
> for active with both outside interfaces.  The other pix is configured as
> standby.  Will the Pix firewall be smart enough to know how to route
> traffic back out the network it came from?  For example, if a user came
> into our website from 204.23.23.x , will the Pix know how to route the
> info back out that interface instead of through the 205.23.23.x network?
>
>
> My guess is it's not possible because when you look at the configuration
> on the Pix, to route info outside, you would use "route 0.0.0.0
> 204.23.23.x 1" .
>
> Thanks!
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5622&t=5349
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to