03-12-2003 02:22 AM - edited 02-20-2020 10:36 PM
When I configure, on a PIX v.6.2.1, a default route for the net 192.168.0.0 255.255.0.0 towards a gateway on a DMZ, and create a PIX-to-PIX VPN with an access-list to a remote net 192.168.1.0 255.255.255.0, does the routing exclude this net from the default route?
03-12-2003 02:54 PM
Not sure I understand the problem here. If you have:
> route dmz 192.168.0.0 255.255.0.0 x.x.x.x
but you also have a VPN going out over the outside interface to a 192.168.1.0 network, then you'll have to also have:
> route outside 192.168.1.0 255.255.255.0
If I've got the wrong interpretation of your problem please provide additional details to explain. Thanks.
03-18-2003 06:42 AM
The second one is not a route, but an access-list related to a VPN:
> access-list 10 permit ip 172.30.0.0 255.255.0.0 192.168.1.0 255.255.255.0
> crypto map newmap 10 match address 10
03-18-2003 02:59 PM
Still don't understand the problem. If you have something like:
> route dmz 192.168.0.0 255.255.0.0
but you also have a VPN with a remote network of 192.168.1.0, then simply point that subnet out the outside interface as I mentioned in my previous email. It'll be more specific than the class-B route and be used as a higher preference.
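Added example (not part of the original thread, and not Cisco code): a simplified Python model of the route and crypto access-list interplay discussed above. It assumes that the route lookup picks the egress interface by longest prefix first, that crypto map `newmap` is applied to the `outside` interface, and that its access-list is only consulted for traffic leaving that interface; the host addresses in the test are constructed.

```python
import ipaddress

# Routes from the thread (gateways are elided on the page, so omitted here).
ROUTES = [
    ("dmz", ipaddress.ip_network("192.168.0.0/255.255.0.0")),
    ("outside", ipaddress.ip_network("192.168.1.0/255.255.255.0")),
]

# Crypto access-list 10 from the thread: (source net, destination net).
CRYPTO_ACL = [
    (ipaddress.ip_network("172.30.0.0/255.255.0.0"),
     ipaddress.ip_network("192.168.1.0/255.255.255.0")),
]
CRYPTO_MAP_INTERFACE = "outside"  # assumption: where the crypto map is bound


def egress_interface(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifc) for ifc, net in routes if dst in net]
    return max(matches)[1] if matches else None


def acl_matches(src, dst):
    """True if the (src, dst) pair is permitted by the crypto access-list."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in CRYPTO_ACL)


def disposition(src, dst, routes=ROUTES):
    """Model: route first, then check the crypto ACL on the egress interface."""
    ifc = egress_interface(dst, routes)
    if ifc is None:
        return "dropped: no route"
    if ifc == CRYPTO_MAP_INTERFACE and acl_matches(src, dst):
        return f"encrypted via {ifc}"
    return f"cleartext via {ifc}"
```

In this model, dropping the /24 route sends VPN-bound traffic to the DMZ gateway unencrypted, because the access-list alone never changes the egress interface.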
03-19-2003 12:37 AM
Therefore, if I plan an access-list with a specific net on a vpn and this net is included in an active route, the access-list has a greater weight. Correct?