Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pix 501 migrating to new ISP

Status
Not open for further replies.
neonrh

neonrh

IS-IT--Management
Aug 8, 2002
23
US
Hello all,

I have a PIX 506e and I'm migrating our Internet connection to a new ISP. The new ISP connection is in place and tested. It has a new IP address scheme, which I will be moving our company over to (changing DNS, etc). I currently have both Internet connections connected to a small Netgear switch, which then plugs into the external port on the PIX. The PIX is only communicating to the current ISP connection at this time.

My question is this: Can I program the PIX to have two external IP addresses (one for each ISP) so that I can make the DNS migration somewhat seamless? Or do I have to change the existing address entry and experience a small outage of incoming mail/web requests while DNS propagates?

 
Sort by date Sort by votes
No. The pix can only do one external address range. You will have to do a cut over or get a router to sit in front of it to use both ips.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
While you can configure multiple interfaces with a public address - including default gateway, it's not going to work with different ISP's unless your nexthop is a shared router (terminates both ISP's). In this case, your looking at an MHSRP configuration.... ANYWAY, if you take the ethernet handoff from both ISP's on your PIX your going to break state... traffic in one interface and out the other (example). Hope this helps!

-Erik
 
Upvote 0 Downvote
The 501 only has 2 configurable interfaces with no vlan support, so it can't do multiple outside interfaces. Even if it could the 501 (and 506e) can only run Pix 6.x code that will not do multiple internet connections even if they are from the same ISP unless they form a contiguous subnet. So while you can configure 2 outward facing interfaces, it just won't work.

The problem is the default route and the routing process.

Even with the current release and new hardware, Fault tolerance/redundant fail-over is not avail. until 7.2 or later. Load balancing is not avail even in 7 or 8 code (latest 8 that I'm aware of anyway.)

They just aren't made to do this kind of stuff. You need a router or just wait out the DNS propagation.




Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Thanks to both of you. I'll handle it manually based on your answers.

On a similar note, is there anything else that I should be aware of when performing this switch? When I change the external IP, will it know to change the rules/mappings/forwards/etc or will I have to change each entry manually?

Thanks again!
 
Upvote 0 Downvote
Yes, you have to change all your statics and ACLs to match. If you have VPN's running then you will have to fix those as well. In the past I have had to blow away the VPN config and do it over from scratch. Nuke it from orbit. It's the only way to be sure. :)



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
289
Sameer258
Sameer258
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
247
nnaarrnn
nnaarrnn
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
304
Johnkite
Johnkite
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
61
xwray
xwray
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
71
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top