Route command syntax question

gzullich · ‎12-23-2004

Hi, I have not been able to find an answer to this question.

I see routes on PIX deviced expressed 2 ways both seem to work.

1) route outside 0.0.0.0 0.0.0.0 149.149.43.129 1

2) route outside Toronto 255.255.255.0 123.15.203.193 1

What is the difference?

TIA

alutsik · ‎12-23-2004

"Toronto" in this case is the name defind with:

name

If:

name 172.30.1.0 Toronto

then:

route outside Toronto 255.255.255.0 123.15.203.193 1

equals to:

route outside 172.30.1.0 255.255.255.0 123.15.203.193 1

Regards,

Alex.

gzullich · ‎12-23-2004

Thanks for the reply, yes this is a spoke/hub site to sire VPN. So, are all packets then routed through the tunnel even those directed to the public internet?

I suspect

route outside 0.0.0.0 0.0.0.0 123.15.203.193 1

might be a better option?

TIA

alutsik · ‎12-23-2004

I guess you are right.

Default gateway (0.0.0.0/0) should be enough to function.

Logicaly:

In case you'll have both of them in, PIX will still use first one to route traffic to Toronto. It'll lookup Toronto next hope and will find out that next hop is not a directly conected address, then it'll look for the other route to get to that next hop and hence will use default route.

Alex.