Multiple Outside Interfaces

Status
Not open for further replies.
Oct 18, 2001
Just trying to figure out if this scenario will work.

I would like to set up two outside interfaces and two DMZs on my PIX firewall, i.e. each outside interface will be attached to different routers connected to the Internet.

Traffic will not need to be routed between the two networks, i.e. outside interface 1 will send traffic to dmz1 and outside interface 2 will send traffic to dmz2.

If this will work, how do I set up the route command?

Would this work?
route outside1 "dmz1 ip's" "dmz1 subnet" "router1 ip" 1
route outside2 "dmz2 ip's" "dmz2 subnet" "router2 ip" 1

Thanks for the help!

Dave
 
What's the reason for connecting two routers to two interfaces?

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
We need to keep the two hosting networks separate. But I would like to avoid purchasing a second firewall.

Dave
 
By "hosting networks" I presume that you mean the DMZs. If that is the case then the DMZ interfaces will keep them apart but you shouldn't need two internet connections. You can still apply the rules to filter traffic to each DMZ but through a single connection to the internet.

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
I need to have each DMZ with their own dedicated Internet connection (T1). Would I need a second PIX?
 
There is really only one possible default gateway on the box.

Which means all outbound traffic will be forwarded to ONE router.

Stick with the suggestion from Chris: one internet connection.

 
What makes you think that each DMZ needs a separate internet connection?

Remember that the PIX firewall only has one outside interface with a security level of 0. Anything else is considered to be a perimeter network (DMZ) with a security level between 1 and 99.

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
I don't think that they do, I just wanted to know if it was possible. It looks like I will be purchasing an additional PIX to create the two networks. The two networks must be totally separate, including a separate connection as per the agreed-to SLA.
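
Added example, not part of the thread or any poster's configuration: a sketch in PIX 6.x command syntax of the single-uplink layout suggested in the replies above, with one outside interface at security level 0, two DMZ interfaces at their own levels, and the single default route. The interface numbers, names, security levels, the ACL name and all addresses (documentation and private ranges) are assumptions chosen for illustration.

```cisco
: Constructed example. Addresses, names and levels are placeholders.
: One outside interface (level 0); each DMZ is a perimeter interface (1-99).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security40

ip address outside 192.0.2.2 255.255.255.0
ip address dmz1 10.1.1.1 255.255.255.0
ip address dmz2 10.1.2.1 255.255.255.0

: The only default route: all outbound traffic leaves via this one router.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

: Publish one host from each DMZ on its own outside address.
static (dmz1,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
static (dmz2,outside) 192.0.2.20 10.1.2.10 netmask 255.255.255.255 0 0

: Inbound policy: permit only the published service on each host.
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list outside_in permit tcp any host 192.0.2.20 eq www
access-group outside_in in interface outside

: No static, nat/global or access-list is defined between dmz1 and dmz2,
: so the firewall passes no traffic between the two DMZs.
```

This separates the two DMZs at the firewall only; both still share the one Internet link, which is why it does not meet a requirement for a dedicated connection per network.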
 