
Routing problem on a PIX v.6.2.1

rselmi
Level 1

When I configure on a PIX v.6.2.1 a route default for the net 192.168.0.0 255.255.0.0 towards a gateway on a DMZ and creating a VPN PIX-to-PIX with an access-list to a remote net 192.168.1.0 255.255.255.0 the routing excludes this net from the route default?

4 Replies

gfullage
Cisco Employee

Not sure I understand the problem here. If you have:

> route dmz 192.168.0.0 255.255.0.0 x.x.x.x

but you also have a VPN going out over the outside interface to a 192.168.1.0 network, then you'll have to also have:

> route outside 192.168.1.0 255.255.255.0

If I've got the wrong interpretation of your problem please provide additional details to explain. Thanks.

The second one is not a route, but an access-list related to a VPN:

> access-list 10 permit ip 172.30.0.0 255.255.0.0 192.168.1.0 255.255.255.0

> crypto map newmap 10 match address 10

Still don't understand the problem. If you have something like:

> route dmz 192.168.0.0 255.255.0.0

but you also have a VPN with a remote network of 192.168.1.0, then simply point that subnet out the outside interface as I mentioned in my previous email; it'll be more specific than the class-B route and be used as a higher preference.
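An added example, not written by anyone in this thread: a simplified Python model of the lookup order discussed above, where the longest-prefix route picks the egress interface and the crypto access-list is only consulted on the interface that carries the crypto map. It assumes `crypto map newmap` is bound to `outside`; the interface names and networks come from the posts, the host addresses are constructed.

```python
import ipaddress

# Routes as (interface, destination network). Gateways are elided in the
# thread (x.x.x.x) and play no part in choosing the egress interface.
ROUTES_BEFORE = [("dmz", "192.168.0.0/16")]
ROUTES_AFTER = ROUTES_BEFORE + [("outside", "192.168.1.0/24")]

# access-list 10 permit ip 172.30.0.0 255.255.0.0 192.168.1.0 255.255.255.0
CRYPTO_ACL = [("172.30.0.0/16", "192.168.1.0/24")]
CRYPTO_MAP_INTERFACE = "outside"  # assumption: where the crypto map is applied


def egress_interface(routes, dst):
    """Return the interface of the most specific route matching dst."""
    dst = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net), ifc)
        for ifc, net in routes
        if dst in ipaddress.ip_network(net)
    ]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(routes, src, dst):
    """Return (egress interface, handling) for one packet."""
    ifc = egress_interface(routes, dst)
    if ifc is None:
        return (None, "no route")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches_acl = any(
        s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
        for a, b in CRYPTO_ACL
    )
    # The crypto ACL only matters if routing already chose the crypto interface.
    protected = ifc == CRYPTO_MAP_INTERFACE and matches_acl
    return (ifc, "encrypted" if protected else "cleartext")


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, forward(table, "172.30.1.10", "192.168.1.5"))
```

With only the /16 route, traffic for the remote VPN subnet leaves via `dmz` in cleartext even though it matches the crypto access-list, which is the case worth checking for on a live configuration.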

Therefore, if I plan an access-list with a specific net on a vpn and this net is included in an active route, the access-list has a greater weight. Correct?
