You should be able to do exactly what you said as long as you have at least 2 public IP addresses. Use one for the interface and all regular users and use the other IP for the two servers. Create two different nat and global pairs.
John Kaberna CCIE #7146 (R/S, Security) NETCG Inc. www.netcginc.com (415) 750-3800 Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com ""Wayne Jang"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > The Pix don't route, but can I do this? > > I have a 2 server 20 user small office. > > I have a Pix 506 sitting in front of a 2621 with a T1 and a DSL link to the > Internet. I'm not looking to load balance or even do redundancy. I just > want traffic from the servers to use the T1 and I want traffic from the > users to use DSL. I could use access-lists on the 2621 to direct the > traffic based on source address, but how will the 2621 know where the > traffic came from? Won't all traffic have a source address of the Pix > outside interface? What if I Nat the servers(on PIx) so that they will > appear to have a different source IP than the users who will be behind the > global outside address? I'll need more public addresses, but that would be > fine. > > I can't get any help from Cisco Pre-Sales because they aren't sure. I can't > get an engineer that knows more than me (not much). > > My fall back plan is to only use the 2621 and have a firewall IOS. But I > would rather use the Pix, especially because we have already quoted the > above solution and are working to save face. > > Thanks > > -- > Wayne Jang > Advanced Computer Technologies, Inc. > 108 Main Street > Norwalk, CT 06851 > Wk 203-847-9433 > Cell 203-943-6603 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46357&t=46356 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
