• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 534
  • Last Modified:

2 ISP connections into 1 Pix 515e

Hello experts,

I have a very simple setup at present: 1 ISP --> Cisco Router 1721 --> Pix 515e --> LAN

I am adding an additional ISP service into the mix for web/video streaming and want to keep this separate from internal users. I need to find out whether the Pix can handle an expansion to the no. of interfaces so that I can split the two Internet connections for different Local IP address ranges, some of which will use the existing connection, and others (external users + web/video servers) will be on the new connection.

Is this possible using the Pix 515e?

many thanks in advance.

Chris
0
TargetTV
Asked:
TargetTV
  • 2
1 Solution
 
nodiscoCommented:
hi Chris

The short answer is no - a PIX can only have 1 default route for outbound traffic.  The quickest and simplest solution to using 2 isps is to have the 2 Wics in 1 router and let them load balance the traffic
OR
have 2 seperate ISP routers connected to a switch - connect the PIX outside interface to the switch and configure the routers to use HSRP and BGP to share an ip address.  Then the PIX can route all traffic to this virtual address.

hope this helps
0
 
TargetTVAuthor Commented:
hey nodisco, I'm interested in the second idea as I will be getting another router from the ISP. However, I cannot understand how this will be able to keep the two ISPs separate as per my requirements. Wouldnt creating a virtual IP address to the switch then combine both ISP's traffic? If not could you elaborate on what you mean.

Many thanks for your help,

Chris
0
 
nodiscoCommented:

ISP1             ISP2
router1         router2
 |                   |
 |                   |
  outside switch
           |
    PIX outside
           |
    Inside LAN

In this situation you have a small outside switch and say the routers are configured as follows:
Router1 and Router2 ethernet interfaces are setup with public ip addresses in the same range as the PIX outside ip address.  You then create a "virtual" public ip address that both routers use and share.  The PIX has a default route for all 0.0.0.0 traffic to this virtual ip address.  I don't know your office size but its quite a common setup for a large office/enterprise.  HSRP is a failover protocol so that if one ISP goes down you can still use the other connection.  But to get full benefit from it, you can use BGP with your ISPs and have local BGP between the routers.  That way traffic for certain providers will go out over their respective link - e.g. AT&T, Verizon etc


         
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now