2 ISP connections into 1 Pix 515e

Posted on 2006-06-06
Last Modified: 2013-11-16
Hello experts,

I have a very simple setup at present: 1 ISP --> Cisco Router 1721 --> Pix 515e --> LAN

I am adding an additional ISP service into the mix for web/video streaming and want to keep this separate from internal users. I need to find out whether the Pix can handle an expansion to the no. of interfaces so that I can split the two Internet connections for different Local IP address ranges, some of which will use the existing connection, and others (external users + web/video servers) will be on the new connection.

Is this possible using the Pix 515e?

many thanks in advance.

Question by:TargetTV
    LVL 19

    Expert Comment

    hi Chris

    The short answer is no - a PIX can only have 1 default route for outbound traffic.  The quickest and simplest solution to using 2 isps is to have the 2 Wics in 1 router and let them load balance the traffic
    have 2 seperate ISP routers connected to a switch - connect the PIX outside interface to the switch and configure the routers to use HSRP and BGP to share an ip address.  Then the PIX can route all traffic to this virtual address.

    hope this helps

    Author Comment

    hey nodisco, I'm interested in the second idea as I will be getting another router from the ISP. However, I cannot understand how this will be able to keep the two ISPs separate as per my requirements. Wouldnt creating a virtual IP address to the switch then combine both ISP's traffic? If not could you elaborate on what you mean.

    Many thanks for your help,

    LVL 19

    Accepted Solution


    ISP1             ISP2
    router1         router2
     |                   |
     |                   |
      outside switch
        PIX outside
        Inside LAN

    In this situation you have a small outside switch and say the routers are configured as follows:
    Router1 and Router2 ethernet interfaces are setup with public ip addresses in the same range as the PIX outside ip address.  You then create a "virtual" public ip address that both routers use and share.  The PIX has a default route for all traffic to this virtual ip address.  I don't know your office size but its quite a common setup for a large office/enterprise.  HSRP is a failover protocol so that if one ISP goes down you can still use the other connection.  But to get full benefit from it, you can use BGP with your ISPs and have local BGP between the routers.  That way traffic for certain providers will go out over their respective link - e.g. AT&T, Verizon etc


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now