Multiple ISPs and VLANs

  • Hello all.  I have a design that I am having a difficult time implementing on my ns25/5.1.0r3.0 and three Internet circuits.  With all three circuits in zone untrust and ECMP enabled, I can connect to the Internet across all three circuits without any problems.  However, I want to isolate each circuit into it’s own VLAN so a workstation in our local network will not switch between the circuits while browsing the web.  I suspect that each circuit will have to have it’s own zone and virtual router, plus a vlan interface, but I am not certain if this is the best route.

    Anyone have any suggestions?

  • Thanks screenie.  I actually just installed 5.4 to use PBR as this is probably the best option.

    You could upgrade tp 5.4 and use PBR or source based routing to override the destination routing. 5.4 is (from memory) the first version with policy based routing. For ECMP to work all internet interfaces must be in the same zone.