Author PIX configuring 2 'OUTSIDE' interfaces
Peakey

2002-04-10, 1:34 am

Hi All,

I’m hoping that someone might be able to suggest a workaround for the following.

In a nutshell, I have 2 ISP connections connected to 2 separate ‘outside’ interfaces on my firewall. Both of these interfaces need to communicate with the same server on the ‘inside’ network.

E.G.

Ip address outside 1.1.1.1 255.255.255.0 (goes to ISP 1)
Ip address outside2 2.2.2.2 255.255.255.0 (goes to ISP 2)
Ip address inside 10.10.10.10 255.255.255.0

Static (inside,outside) 1.1.1.250 10.10.10.50 netmask 255.255.255.255
Static (inside,outside2) 2.2.2.250 10.10.10.50 netmask 255.255.255.255
Conduit permit tcp host 1.1.1.250 eq www any
Conduit permit tcp host 2.2.2.250 eq www any

How do I configure a route saying any traffic coming into 1.1.1.250 via 1.1.1.1 goes back out that same interface and any traffic coming into 2.2.2.250 via 2.2.2.2 goes back out that same interface?

My situation at the moment is that if I configure a default route of ‘route outside 0.0.0.0 0.0.0.0 1.1.1.x’ then traffic coming in via 2.2.2.2 goes out 1.1.1.1, this situation is causing issues.

I need to use a destination route of 0.0.0.0 0.0.0.0 as I will be routing back out to the internet.

Any thoughts??

Thanks
Peakey

MadChef

2002-04-10, 6:17 am

I don't know of any way to get the PIX to do what you want. You can't have a second default route and that's all the PIX is considering when forwarding traffic.
I think you might consider setting things up differently and hang everything off of one outside interface. Most people accept BGP feeds to balance the two links.

MadChef

Yeti-GBR1

2002-04-10, 6:27 am

What about a virtual link (using HSRP), i.e. the 2 PIX are seen as a virtual PIX for fault tolerance (BTW I've never seen a PIX, but I know this works with normal routers (NOT 2500's though) as I have now tested it in my lab on the 2600's)... just a thought... could be way way off the mark though?


http://www.cisco.com/warp/public/619/index.shtml

haseeb_eng

2002-04-10, 6:52 am

2 outside interfaces?

Yeti-GBR1

2002-04-10, 6:52 am

Hmmm, just been informed by a mate that HSRP on PIX is "Fail Over". Damn... well, I tried.

Yeti-GBR1

2002-04-10, 7:11 am

Yip, something like this:

http://www.yeti-gbr1.co.uk/labs/hrsp/hrsp-pix.gif

cisco_kidd20

2002-04-10, 7:56 am

Try www.routergod.com. They are very good and humorous!!

Peakey

2002-04-10, 5:29 pm

Thanks for the replies guys.... I will try and organise an alternate solution.

Peakey