I think I tried that at some point. When I go back on-site I'll give that a try. My biggest question is, will the PIX be able to route that packet if it stays on the same physical interface. I know if you have two remote site vpn's, they can't talk to each other unless the packet goes from the outside of the pix to the inside and back out again. On 6.34 it doesn't support this type of VPN because the pix can't send the packet out the same physical interface that it received it on. I'm just wondering if that rule applies to the inside as well.

Although the more I think about it the more it makes sense that it would be: route inside.

Hey Patrick, I just tried this on the PIX with a route inside statement. I can no longer ping the ip address. Prior to the change I could ping the IP address. If I'm doing the coniguration correctly on the pix and it's not routing, is there something on the other router that might be having issues?

route inside 66.66.66.66 255.255.255.0 10.3.0.251

route inside 66.66.66.67 255.255.255.0 10.3.0.251

route inside 66.66.66.68 255.255.255.0 10.3.0.251

route inside 66.66.66.69 255.255.255.0 10.3.0.251

I just found my answer for pix 6.3. I do not know about version 7. But for version 6.3 this is not supported. From the following technote: http://www.cisco.com/warp/public/110/pixfaq.shtml

Work stations between the Cisco Secure PIX Firewall and router should have their gateway pointing to the router, not the PIX. Even though they are directly connected, they will have problems accessing the new internal network if their gateway does not point to the router. The router should have a default gateway directing all unknown traffic to the inside interface of the Cisco Secure PIX Firewall. Installing a route for this new network in the PIX will not work either. The PIX does not route or redirect off the interface it received the packet. Also, make sure your nat statement includes the new network or the major net you are adding.

I will just make that router the default gateway.