Hello everyone,
I currently have a PIX 515 - v6.3 set up in the following way.
4 interfaces:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 outside2 security50
nameif ethernet3 outside3 security50
I have all my published services (http, smtp, etc.) on the public IP of interface Outside.
All users' internet traffic also uses this interface.
Outside2 is used for our VPN Inter-office traffic.
global (outside) 1 interface
global (outside2) 1 interface
global (outside3) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 192.168.80.0 255.255.255.0 0 0
static (inside,outside) tcp x.x.x.107 www 192.168.80.4 www netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.107 smtp mail01 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.107 https 192.168.80.4 https netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.108 192.168.80.6 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.109 192.168.80.12 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 x.x.x.105 1
route outside2 z.z.z.16 255.255.255.248 z.z.z.241 1
route outside2 z.z.z.232 255.255.255.248 z.z.z.241 1
route outside2 z.z.z.192 255.255.255.248 z.z.z.241 1
I would like all our internal users' traffic to use interface Outside2.
This is what I have done so far.
I have changed the default route:
no route outside 0.0.0.0 0.0.0.0 x.x.x.105
route outside2 0.0.0.0 0.0.0.0 z.z.z.241
All users can navigate on the internet fine.
The problem is that no one can reach our public IP address on interface Outside after this change.
I think the problem could be that when the traffic gets translated to the internal IP address, it then goes back to the PIX and goes out with the interface Outside2 IP.
Can anyone give me a hand with this?
Thanks very much for your time.
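
As an added illustration (not part of the original post), this Python check runs a longest-prefix lookup over the post's route lines before and after the change and lists published statics whose global interface differs from the interface the route table selects for an internet client. The addresses are constructed stand-ins for the masked x.x.x and z.z.z values, the function names are hypothetical, and it models only the route table, not the PIX's forwarding behaviour.

```python
import ipaddress
# Constructed stand-ins for masked addresses: x.x.x.N -> 198.51.100.N, z.z.z.N -> 203.0.113.N
BEFORE = """\
route outside 0.0.0.0 0.0.0.0 198.51.100.105 1
route outside2 203.0.113.16 255.255.255.248 203.0.113.241 1
route outside2 203.0.113.232 255.255.255.248 203.0.113.241 1
route outside2 203.0.113.192 255.255.255.248 203.0.113.241 1
"""
AFTER = BEFORE.replace("route outside 0.0.0.0 0.0.0.0 198.51.100.105 1",
                       "route outside2 0.0.0.0 0.0.0.0 203.0.113.241 1")
STATICS = """\
static (inside,outside) tcp 198.51.100.107 www 192.168.80.4 www netmask 255.255.255.255 0 0
static (inside,outside) 198.51.100.108 192.168.80.6 netmask 255.255.255.255 0 0
"""

def parse_routes(text):
    """Return [(interface, network, gateway)] from PIX 'route' lines."""
    routes = []
    for line in text.splitlines():
        t = line.split()
        if len(t) >= 5 and t[0] == "route":
            routes.append((t[1], ipaddress.ip_network(f"{t[2]}/{t[3]}"), t[4]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: (interface, gateway) for dst, or None."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r[1]]
    best = max(hits, key=lambda r: r[1].prefixlen, default=None)
    return (best[0], best[2]) if best else None

def static_globals(text):
    """Return [(global_interface, global_ip)] from PIX 'static' lines."""
    out = []
    for line in text.splitlines():
        t = line.split()
        if t and t[0] == "static":
            iface = t[1].strip("()").split(",")[1]
            out.append((iface, t[3] if t[2] in ("tcp", "udp") else t[2]))
    return out

def mismatches(route_text, static_text, client):
    """Statics whose global interface is not the routed interface for client."""
    hit = lookup(parse_routes(route_text), client)
    return [(ip, iface, hit) for iface, ip in static_globals(static_text)
            if hit is None or hit[0] != iface]

if __name__ == "__main__":
    print("after:", mismatches(AFTER, STATICS, "192.0.2.50"))  # constructed client
```

With the original routes the list is empty; with the changed default route both sample statics are reported, because the only route covering an internet client now points at outside2.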