dalva asked:
How do we setup dual routes to the Internet?

user pcs -- switch -- gateway router -- pix -- edge router -- vendor router -- Internet
                                                                                  |
                                                                                  |__ vendor cable modem --  Internet

Our current access to the Internet is shown on the first line.  We want to add a cable broadband link which also goes to the Internet as shown on the second line.  On the cable link we want to allow a small subset of user pcs to surf through this link while still allowing the rest of the users to continue as before.

The edge router has two Fast Ethernet ports.
All equipment is Cisco brand.
PAT is performed at the PIX.

Question 1:
Is this a workable idea?

Question 2:
How?
We are assuming if it is workable then some routing entries and ACLs would be made to the edge router.

Question 3:
Is there a better method to accomplish this?  How?



wingatesl:

The easiest way to accomplish this is to remove the PIX completely. I have written a few articles on how to accomplish this task here:
www.inacom-sby.net/shawn
It will get you most of the way there. Some route maps will have to be changed to get the users going out of the correct connections. Have a read, then post your configs and we can get this done.
Shawn
Is this Cisco PIX on version 7.2? If yes, that is the only way it is possible.
dalva (asker):

Removing the PIX is not an option.  Our current PIX has version 6.3.

The purpose of our request is to test a high speed cable Internet service without disrupting or altering our current setup.

Our current link to the Internet is a bonded pair of T1s giving us approximately 3 Mbps.  For the low cost of high speed cable Internet we can get approximately 16 Mbps.  We want the cable link to test the functionality of using cable for our Internet.

We will keep our T1s in place due to our contract commitment and the stability of the link.  In addition, we will continue to use it for our email service.

After incubating the ideas last night it dawned on us that even if we can route out the cable link, when the packet returns it will return through the T1 since that is where our NATed subnet is assigned to.

A new plan:

Leave current T1 alone.
Use an ASA 5505 and create the following setup.

user pcs -- switch -- gateway router -- pix -- edge router -- vendor router -- Internet
                      |
                      | __ ASA 5505 -- vendor cable modem --  Internet


We will request a few static IP addresses from the cable vendor to PAT with.
The test PCs will use the ASA as their gateway.
We would create manual routes on the test PCs.

If test works well then we would change the new gateway to be pushed out by dhcp.
We would create static routes for our email server to continue using the T1.

Is this a valid solution?
Should we include an edge router in front of the ASA for additional security?
Any comments or suggestions?
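The asker's plan above (ASA 5505 beside the existing gateway router, PAT to ISP-assigned static addresses, test PCs pointed at the ASA) as a worked configuration. This is an added example, not a configuration posted in the thread, and it uses pre-8.3 ASA syntax (7.x / 8.0-8.2). Every address is assumed: inside LAN 192.168.1.0/24, existing gateway router 192.168.1.1, ASA inside 192.168.1.2, test PCs 192.168.1.50 and .51, cable static block 203.0.113.8/29 with the ISP gateway at .9, the ASA outside at .10 and .11 used for PAT.

```cisco
! ASA 5505 as a separate Internet gateway for the test PCs only.
! Added example, not from the thread. Pre-8.3 ASA syntax; all addresses are assumed.
hostname cable-test-asa
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.248
!
! On a 5505 the physical ports are switchports; e0/0 joins the outside VLAN
! (cable modem), e0/1-0/7 stay in VLAN 1 (inside) and one of them uplinks to the LAN switch
interface Ethernet0/0
 switchport access vlan 2
!
! Default route toward the cable ISP
route outside 0.0.0.0 0.0.0.0 203.0.113.9 1
!
! PAT outbound traffic to the ISP-assigned static address. Because the translation
! happens here, not on the PIX, replies come back over the cable link and never
! touch the T1 path (the return-path concern raised above).
global (outside) 1 203.0.113.11
nat (inside) 1 192.168.1.0 255.255.255.0
!
! During the trial only the test PCs may originate traffic through this box; the rest
! of the LAN stays on the PIX and must not be able to bypass it via the ASA
access-list inside_in extended permit ip host 192.168.1.50 any
access-list inside_in extended permit ip host 192.168.1.51 any
access-list inside_in extended deny ip any any log
access-group inside_in in interface inside
!
! Let echo replies back in so the testers can ping out through the cable link
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Widening the trial later: replace the host entries with a subnet, e.g.
! access-list inside_in extended permit ip 192.168.1.48 255.255.255.240 any
```

On the test PCs the default gateway becomes 192.168.1.2. Any other internal subnets behind the gateway router still need a route via 192.168.1.1 on those PCs (the "manual routes" in the plan), otherwise that traffic arrives on the ASA's inside interface and would have to be hairpinned back out the same interface, which the ASA refuses by default and which also makes the replies asymmetric. The mail server keeps 192.168.1.1 as its gateway and, with the inside ACL above, cannot use the ASA even by accident.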

wingatesl:

The IOS firewall is quite a bit more robust than the PIX but I digress. If the PIX/ASA combo is where you want to go with it the solution would look like this (provided the core router is Cisco):

PC----Switch --- Core Router-------Pix --- T1
                                                 |_ASA--- Cable

In the core router you would create a route map:
ip access-list extended ToCable
   permit ip host <IP of test PC> any
route-map director permit 10
   match ip address ToCable
   set ip next-hop <ASA IP address>

and on your core router's LAN interface:
   ip policy route-map director

That will push the single PC over the cable connection and you can widen the subnet mask as you get more confident.
The downside of this configuration is the lack of load sharing, but you can still accomplish dual inbound access by assigning 2 IP addresses to each server and NATing the PIX to one and the ASA to the other. The route-map would then be set to push the second IP address to the ASA. A router in front of the ASA would not provide any additional security. There is some good reading at the Cisco site on the security features of their platforms here:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_qas09186a008010a40e.html
Shawn
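The policy-based-routing approach in the answer above, carried through to a complete core-router configuration. This is an added example, not the poster's configuration, and it assumes IOS 12.4 syntax and the following addressing: LAN 192.168.1.0/24 on FastEthernet0/0 (router 192.168.1.1), ASA inside 192.168.1.2, cable ISP gateway 203.0.113.9, mail server 192.168.1.25, first test PC 192.168.1.50, other internal networks in 10.0.0.0/8. It goes beyond the snippet in the answer in three places a practitioner would want: the mail server and internal-destination traffic are excluded from the policy, the next hop is tracked so the test PCs fall back to the T1 if the cable path dies, and ICMP redirects are disabled on the LAN interface.

```cisco
! Core (gateway) router: policy-route a test subset of the LAN to the ASA and leave
! everyone else on the existing default route through the PIX.
! Added example, not from the thread. IOS 12.4 syntax and all addresses are assumed.
!
! Reachability probe through the cable path. The host route is needed because the
! router's own default route points at the PIX, not at the ASA.
ip route 203.0.113.9 255.255.255.255 192.168.1.2
ip sla 1
 icmp-echo 203.0.113.9 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
ip access-list extended ToCable
 remark the mail server stays on the T1 however wide the test gets
 deny   ip host 192.168.1.25 any
 remark traffic for other internal networks must never be handed to the ASA,
 remark whose default route would push it out to the cable ISP
 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 remark start with one host, then widen the wildcard mask as confidence grows,
 remark e.g. "permit ip 192.168.1.48 0.0.0.15 any" for sixteen addresses
 permit ip host 192.168.1.50 any
!
! Matching packets go to the ASA only while the probe succeeds; when it fails they
! fall back to normal routing, i.e. the PIX and the T1
route-map director permit 10
 match ip address ToCable
 set ip next-hop verify-availability 192.168.1.2 10 track 1
!
! The next hop sits on the same interface the packets arrive on. Without
! "no ip redirects" the router sends ICMP redirects inviting the test PC to talk
! to the ASA directly, which sidesteps the policy (and its deny entries).
interface FastEthernet0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map director
 no ip redirects
```

The ASA still performs its own PAT to the cable-side address; the route map only decides which gateway a packet is handed to. Check which hosts are being steered with "show route-map director" (match counters) and the state of the tracked path with "show track 1".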
dalva (asker):

wingatesl,
Your suggested solution may work but it breaks one of our rules, which is that we cannot alter the existing setup.

This brings us back to our current proposed solution.  It appears simple enough that it should work.  Is there a good reason this is not a good approach?
user pcs -- switch -- gateway router -- pix -- edge router -- vendor router -- Internet
                      |
                      | __ ASA 5505 -- vendor cable modem --  Internet

The Cisco link was very beneficial and did answer my second question.  I think we will stay with the ASA for performance and simplicity since we do not need the added functionality of the IOS firewall.
ASKER CERTIFIED SOLUTION: wingatesl (the accepted solution text is available only to Experts Exchange members and is not reproduced here).