I'm not sure exactly what you want as an end result but I can throw a couple of pointers out.
PIX can only have static routes. Therefore all of your traffic would pass through via these rules. Inside users would most likely need NAT enabled & be using only one ISP. Incoming connections would work from one ISP under normal circumstances. I have never tried this with multiple ISPs so it's something to try if you have a chance.

Use actual IP addresses on the DMZ containing the web servers and use NAT 0 so nothing gets translated. This might allow multiple ISP connections to get to the web server without using static commands but you still have to access-list rules (avoid conduits for this).

The question I have is... your multiple ISPs would all have to have routes for the web server addresses... so only one ISP can actually "own" the IP block and have internet users routed through them. I don't think you're going to get what you want unless you set up a router outside the PIX to utilize BGP or something similar.

However, if you own different IP ranges from multiple ISPs then the PIX could handle setting up different interfaces with different IP blocks. You could then set up static commands but it would require a little duct tape & bubble gum tactics to get statics to map since it would need a different internal IP for each static.

Best bet is to let a router handle the ISPs and traffic shaping and just let the PIX be a firewall.

----- Original Message -----
From: dolphin
To:
Sent: Monday, November 26, 2001 3:43 AM
Subject: Cisco PIX 525 Multihoming [7:27305]

> Hi, I wonder, is it possible to implement a multi homing scenario? (I don't
> mean BGP's multi home, I use multi homing as a concept.)
> Suppose that my customer has 3 different ISPs and he/she wants to place a
> web server in a certain dmz interface and use one of the ISPs only for the
> web server's http access, and use one of the dmz interfaces for another
> purpose via another ISP, and finally wants to use the outside interface via
> the 3rd ISP for his/her network's internet access. Is this possible? (There
> are 3 separate routers (2610) for 3 ISP access and I want to implement this
> scenario: when a client connects to the web server in the dmz1 interface
> through isp1's router, its returning packets must go back through the same
> router.)
> I tried to simulate this situation, but when I wanted to add a static route
> on a per-interface basis for 0.0.0.0/0.0.0.0 I saw that I can't add a static
> route with the same metric. PIX doesn't allow it.
> Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27318&t=27305