Last Answered:
Mar 11 2008 7:50 PM GMT
by Jlees
You could probably accomplish this with a PIX, but it will be gimpy at best. I say that assuming you are offering NO external services on this interface... or to the 200.x.x.x network. Meaning no one from the outside world uses this connection to connect to services on your network and that no one on the 200.x.x.x internet segment connects or uses these services.
You could create a NAT translation for the specific range of internal addresses you want to use the new connection, and/or create a global NAT for the new interface and set a route for the 200.x.x.x range to use the new interface.
It sounds like you want all traffic destined to 200.x.x.x to go out this new interface rather than the old one, which would require you to create a NAT for the interface (either global or a pool for specific IPs) and then set a route for the PIX to deliver traffic destined to 200.x.x.x out this new interface.
If you wanted to split your network into two sections you could say traffic from the DMZ goes out one interface/ISP and traffic from the regular network goes out the other, again potentially via NAT addresses and routes. However, this last one would be gimpy and could potentially create problems for you if you offered services of some type on multiple segments of your network.
The more standard way to do this, if you offered services (http, https, ftp, etc.), would be to have your own IP space and enter into a BGP partner relationship among the two ISPs to route traffic to you over their connections. However, this generally requires more advanced hardware at the router than the PIX or even the new ASA line can handle on their own.