We have a MAG 2600 device and two different ISPs. Last week one of the ISPs dropped and we were on our secondary, but the VPN would not work. After review, I noticed that the external port was tied to the main ISP, but no routes, etc. for the secondary. Is there a way for me to enter in a static route to make sure that if our primary ISP drops again we would be able to keep running the VPN using the secondary?
Let me know if you have any questions I can answer for more information.
Not sure if I understood your needs well, but you could use "virtual ports" to have several IPs on the same physical external ports.
Never tested with different subnets, however; I usually use them to separate flows:
.1 is for core access
.2 is for Pulse access
.3 is for PTP
It allows more visibility.
Worth a try I guess, if it is possible to have 2 subnets on 2 virtual ports, then you may be able to use the routing table to make what you need.
Bear in mind that the external port on the MAG is not designed to be placed directly onto the internet but inside a DMZ zone. This should be treated like any other internet facing web server providing a public service.
So the only route the external interface should need is the default gateway for the DMZ zone where it is installed. Your routing and inbound NAT from the two ISPs would be handled by your edge firewall.
See the outline for dual DMZ deployments in KB 10162.
SSL deploy options: