SOLVED: Dual SOHO PIX 501's & SMTP
Posted by mh on May 9th, 2004


Solution is trivial ...

Use a tool like www.ipchicken.com to discover outside WAN address
In my case if address is 24.x.x.x then I know I connected thru PIX#1

Setup Outlook profiles accordingly

I now have SOHO redundant access to the Internet; both at a hardware
layer and at an access layer


Thanks to all the anal...ysts who replied

Posted by Walter Roberson on May 9th, 2004


In article <e092fc23.0405090919.66a6a021@posting.google.com>,
mh <merv.hrabi@rogers.com> wrote:
:Solution is trivial ...

:I now have SOHO redundant access to the Internet; both at a hardware
:layer and at an access layer


:Thanks to all the anal...ysts who replied


This "anal...yst" would point out that the PIX series has
no way of detecting that an interface is down and changing routing
when it is, let alone refraining from acting as a DHCP server.

ADSL in particular is prone to having failures one hop away from
the CPE, leading to the situation where the outside interface is up
but you can't get anywhere. In this case, you don't even get the
clue that the outside interface transitions to down (which
you could theoretically detect the message for on a syslog server, or
perhaps even detect via an snmptrap.)

You thus do not have redundant access at the hardware layer in
the normal usage of 'redundant' as applied to network hardware layers.
You might perhaps have software on all of your systems that is
automatically testing connectivity and telling one or the other of the
PIXes to turn its inside interface off (or at least to turn off dhcp
service), but that would be redundancy at the -software- level... and
if you were doing that sort of automatic work, then adjusting the smtp server
would have been a fairly simple addition to your procedure.


It thus appears to this "anal...yst", based upon what you have written
so far, that what you -actually- have is a system that requires manual
intervention when either of the WAN links fail. That's better than
only having a single link available to you, but I don't think most of
us would term it as being "redundant access".


It is difficult for "anal...ysts" to give you the advice you are hoping
for when you do not provide the "anal...ysts" with detailed information
about how your systems are configured, about the automatic recovery
procedures that are available to you, and about the manual steps that
you are willing to take. In this newsgroup, the norm is that people
that have multiple ISP connections want as close to fully automatic failover
as they can get under their technical (and financial) situation. In
situations where that is not true, the onus falls upon the poster to
explain the poster's requirements.


It is also difficult for "anal...ysts" to give you the advice you
are hoping for when you insult them after they voluntarily tried to
help you as best they could based upon the information you supplied.
Not exactly the best approach you could have taken towards winning
friends and influencing people.
--
Caution: A subset of the statements in this message may be
tautologically true.

Posted by Adrian Grigorof on May 9th, 2004


Dear ab...user

You might be better off using a dual WAN router like the ones offered
by Xincom (www.xincom.com). It can load balance 2 Internet feeds like
(probably your case) one from Rogers and one from Sympatico (that yes,
only allows SMTP traffic via their SMTP server). You can configure the
Xincom router to bind the SMTP traffic to one of the links (i.e.
Rogers). Since you appeared to be concerned with the cost, with this
you do not need the Pix firewalls anymore and the Xincom itself is
cheaper than a Pix. You can also get a similar appliance from Symantec
but Xincom has more features.

Adrian

http://www.eventid.net/firegen/firegenpix2.asp

merv.hrabi@rogers.com (mh) wrote in message news:<e092fc23.0405090919.66a6a021@posting.google.com>...

