Adding second internet feed---any ideas??

My company is trying to introduce a second internet feed (ADSL feed) to the Nokia IPSO Firewall-1 (NG+AI) for outbound traffic but still wants to route VPN traffic down the existing leased line. The ADSL feed is connected to an ADSL router which is performing hide NAT, and the Firewall-1 box is directly connected to it. As we have VPNs terminated on the existing external interface (193.132.132.2) and externally NAT'd IPs in the 193.132.132.0/24 range, we still require these to remain in place.

I was hoping that by changing the default route on the FW-1 box to the ADSL router (192.168.253.146) and adding static routes for the VPN traffic and the relevant remote VPN gateways, this would allow us to use the ADSL feed for outbound internet traffic, the VPN traffic would go down the existing leased line feed, and externally NAT'd machines would still answer inbound requests on their NAT'd IP (which is on the existing leased line).

Unfortunately, while the VPNs still worked and the LAN machines' outbound connections were routed down the ADSL feed, inbound requests to NAT'd IPs in the 193.132.132.0/24 range failed, though I could see them being accepted inbound. I believe that this is due to the return path of the packets going out of the default route (the ADSL feed) rather than the existing leased line feed.

The only way I could see of overcoming this would be to create 2 separate routing tables on the FW-1 box, one with the ADSL feed and one with the Verizon feed, each with a separate interface/IP in the LAN. Externally NAT'd machines would have to be pointed at the router instance with the Verizon feed, all others at the one with the ADSL feed. Then on the routing instance with the ADSL feed, have a route pointing all VPN traffic at the other routing instance.

I don't believe you can have 2 routing tables on an IPSO box - can anyone think of a way to do this all in the FW-1 box?

-thanks and sorry for the long post :)
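The asymmetric-return problem described in the post, and the effect of the "two routing tables" idea, can be checked with a small routing simulator. This is an added example written for this page, not the poster's configuration and not an IPSO feature: it models Linux-style policy routing (a per-source rule that selects a routing table, then longest-prefix match inside that table). The firewall's external address 193.132.132.2, the NAT'd range 193.132.132.0/24 and the ADSL router 192.168.253.146 come from the post; the LAN hosts (10.0.0.20, 10.0.0.50), the leased-line gateway 193.132.132.1, the internet client 198.51.100.7 and the VPN peer 203.0.113.10 are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str
    iface: str


@dataclass
class Rule:
    # Packets whose source address falls in `src` are looked up in `table`.
    src: ipaddress.IPv4Network
    table: str


class PolicyRouter:
    """Toy router: source-based table selection, then longest-prefix match."""

    def __init__(self):
        self.tables = {"main": []}
        self.rules = []

    def add_route(self, prefix, gateway, iface, table="main"):
        self.tables.setdefault(table, []).append(
            Route(ipaddress.ip_network(prefix), gateway, iface))

    def add_rule(self, src, table):
        self.rules.append(Rule(ipaddress.ip_network(src), table))

    def select_table(self, src):
        s = ipaddress.ip_address(src)
        for rule in self.rules:          # first matching rule wins
            if s in rule.src:
                return rule.table
        return "main"                    # no rule: ordinary routing table

    def lookup(self, src, dst):
        """Return (table, egress interface, gateway) for a src->dst packet."""
        d = ipaddress.ip_address(dst)
        table = self.select_table(src)
        best = None
        for route in self.tables.get(table, []):
            if d in route.prefix and (best is None or
                                      route.prefix.prefixlen > best.prefix.prefixlen):
                best = route
        if best is None:
            return (table, None, None)
        return (table, best.iface, best.gateway)


def build_router(policy_routing: bool) -> PolicyRouter:
    r = PolicyRouter()
    # Main table as in the post: default via the ADSL router (constructed
    # interface names "adsl" and "lease"), static route for the VPN peer
    # (constructed 203.0.113.10) via the leased-line gateway (constructed).
    r.add_route("0.0.0.0/0", "192.168.253.146", "adsl")
    r.add_route("203.0.113.10/32", "193.132.132.1", "lease")
    if policy_routing:
        # Second table whose default route is the leased line, selected for
        # traffic sourced by the externally NAT'd server (constructed 10.0.0.50).
        r.add_route("0.0.0.0/0", "193.132.132.1", "lease", table="lease")
        r.add_rule("10.0.0.50/32", "lease")
    return r


def simulate(policy_routing: bool) -> dict:
    """Egress interface for the three flows discussed in the post."""
    r = build_router(policy_routing)
    return {
        # ordinary LAN host browsing the internet
        "lan_outbound": r.lookup("10.0.0.20", "198.51.100.7")[1],
        # firewall talking to a remote VPN gateway
        "vpn_peer": r.lookup("193.132.132.2", "203.0.113.10")[1],
        # reply from the NAT'd server to an inbound client that arrived
        # over the leased line; "adsl" here means an asymmetric return path
        "nat_server_reply": r.lookup("10.0.0.50", "198.51.100.7")[1],
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("policy routing" if mode else "single table", simulate(mode))
```

With a single table the NAT'd server's reply leaves via the ADSL feed even though the request came in over the leased line, which is exactly the failure the post observes; the source-based rule sends only that server's traffic out the leased line while ordinary LAN hosts keep using ADSL and the VPN static route is untouched.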