Routing/default gateway issue

[woodc]

I have 2 PIX firewalls (520 and a 501) and each one is connected to a different internet connection on the outside and the same /24 private network on the inside. On the internal network all the machines point to a router for their default gateway and that router has the 520 as its default gateway.

When I setup a static and an access list on the 501 the packets make it to their destination inside...but when the machine tries to reply it sends it back out to the 520 which of course has no idea what to do with it. If I change the default gateway of any one machine to point to the internal IP of the 501 the opposite happens (inbound communication from the 520 makes it in but tries to leave on the 501)

I tried setting the internal IP of the 501 as a lower metric gateway on a machine but it does not use it since the higher metric one is actually available.

Can I make this work (traffic leaves via the same way it came in) without setting up an additional subnet?

Thanks

 

[Nynuxus]

Hi

If you are trying get some sort redundancy you would need 2 routers to the internet with seperate line preferebly from different ISP's setup with HSRP/VRRP and the co operation of the ISP's with things like BGP for the subnet across the 2 lines. Then I would use 515E's in a failover pair.

This gives a very redundant internet architecture.