CompTIA
Exam Vouchers
Save money on CompTIA exams
| Question of the day
Sign up to receive
interactive practice questions
for MCSE, CompTIA
Cisco and other exams
| TestKing
Get MCSE, MCSD, CCNA, CCNP,A+, N+ and many more | * ExamSheets *
Guide for Success!
Actual Questions & Answers
MCSE, MCSD, A+ ,CCNA, CCNP
Oracle 8i, Oracle 9i Online practice tests
Certification sites Online university Online college Online education Distance learning Software forum Server administration forum Programming resources
|
|  |
| Author |
PIX configuring 2 'OUTSIDE' interfaces
|
Peakey
Junior Member
Registered: Feb 2001
Location: Sydney
Country: Australia
State: NSW
Certifications: MCSE, CCNA
Working on: CCNP
Total Posts: 12
|
|
 PIX configuring 2 'OUTSIDE' interfaces
Hi All,
I’m hoping that someone might be able to suggest a work around for the following.
In a nutshell, I have 2 ISP connections connected to 2 separate ‘outside’ interfaces on my firewall. Both of these interfaces need to communicate with the same server on the ‘inside’ network.
E.G.
Ip address outside 1.1.1.1 255.255.255.0 (goes too ISP 1)
Ip address outside2 2.2.2.2 255.255.255.0 (goes too ISP 2)
Ip address inside 10.10.10.10 255.255.255.0
Static (inside,outside) 1.1.1.250 10.10.10.50 netmask 255.255.255.255
Static (inside,outside2) 2.2.2.250 10.10.10.50 netmask 255.255.255.255
Conduit permit tcp host 1.1.1.250 eq www any
Conduit permit tcp host 2.2.2.250 eq www any
How do I configure a route saying any traffic coming into 1.1.1.250 via 1.1.1.1 goes back out that same interface and any traffic coming into 2.2.2.250 via 2.2.2.2 goes back out that same interface?
My situation at the moment is that if I configure a default route of ‘route outside 0.0.0.0 0.0.0.0 1.1.1.x’ then traffic coming in via 2.2.2.2 goes out 1.1.1.1, this situation is causing issues.
I need to use a destination route of 0.0.0.0 0.0.0.0 as I will be routing back out to the internet.
Any thoughts??
Thanks
Peakey
Report this post to a moderator
|
|
 04-10-02 06:34 AM
|
|
MadChef
A Huge Fake
Registered: Sep 2000
Location:
Country: USA
State:
Certifications:
Working on: A Sex Farm
Total Posts: 1426
|
|
|
I don't know of anyway to get the pix to do what you want. You can't have a second default route and that's all the Pix is considering when forwarding traffic.
I think you might consider setting things up differently and hang everything off of one outside interface. Most people accept BGP feeds to balance the two links.
MadChef
Report this post to a moderator
|
|
|
04-10-02 11:17 AM
|
|
Yeti-GBR1
A Complete Twit
Registered: Oct 2000
Location: Yeti Town, Yetiville, UK
Country: UK
State:
Certifications: Too many to list.
Working on: Getting a real life outside IT.
Total Posts: 1105
|
|
What about a virtual link (using HSRP) ie the 2 PIX are seen as a Virtual PIX for fault Tolerance (BTW I've never seen a PIX, but I know this works with normal Routers (NOT 2500's though) as I have now tested it in my lab on the 2600's)..just a thought...could be way way off the mark though?
http://www.cisco.com/warp/public/619/index.shtml
__________________
Yeti the Inquisitive 
MCNE, MCSE(NT4), MCSE 2000, SCO ACE, LCP, Compaq ASE, CCNA, CCIE Wannabe (part of the Wannabe Boffin Club).
www.yeti-gbr1.co.uk
www.ciscolabs.co.uk
Last edited by Yeti-GBR1 on 04-10-02 at 11:36 AM
Report this post to a moderator
|
|
|
04-10-02 11:27 AM
|
|
haseeb_eng
Senior Member
M
Registered: Oct 2001
Location: Kuwait City
Country: Kuwait
State:
Certifications: CCNA, CCDA, CCNP, CCDP, CCSP, Content Networking, Wireless LAN Design Spec.
Working on: PMP CCIE (R&S) MBA
Total Posts: 1165
|
|
|
|
04-10-02 11:52 AM
|
|
Yeti-GBR1
A Complete Twit
Registered: Oct 2000
Location: Yeti Town, Yetiville, UK
Country: UK
State:
Certifications: Too many to list.
Working on: Getting a real life outside IT.
Total Posts: 1105
|
|
|
|
04-10-02 11:52 AM
|
|
Yeti-GBR1
A Complete Twit
Registered: Oct 2000
Location: Yeti Town, Yetiville, UK
Country: UK
State:
Certifications: Too many to list.
Working on: Getting a real life outside IT.
Total Posts: 1105
|
|
|
|
04-10-02 12:11 PM
|
|
cisco_kidd20
Member
Registered: Apr 2002
Location:
Country: United States
State:
Certifications: A+, CCNA
Working on: CCNP, MCP, CSS
Total Posts: 45
|
|
|
|
04-10-02 12:56 PM
|
|
Peakey
Junior Member
Registered: Feb 2001
Location: Sydney
Country: Australia
State: NSW
Certifications: MCSE, CCNA
Working on: CCNP
Total Posts: 12
|
|
|
|
04-10-02 10:29 PM
|
|
|
Click here for CCNP study guides
Cisco exam notes
Forum Rules:
Who Can Read The Forum? Any registered user or guest.
Who Can Post New Topics? Any registered user.
Who Can Post Replies? Any registered user.
Changes: Messages can be edited by their author.
Posts: HTML code is OFF. Smilies are ON. vB code is ON. [IMG] code is ON. |
|
ExamNotes forum archive
|
