Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
973
Views
0
Helpful
3
Replies

Default gateway on different subnet

duartesss
Level 1
Level 1

‎12-07-2005 08:36 PM - edited ‎03-03-2019 11:10 AM

Hello,

I have the following topology:

_______________________

|

| VPN Clients

|______________________

192.168.0.x

| | |

| | |

| | |

192.168.0.100

_______________________

|

|Cisco VPN Concentrator

|______________________

172.16.2.100

|

|

|

172.16.2.200

______________________

|

|Cisco PIX Firewall --- Internet

|____________________

172.16.30.200

|

|

|

172.16.30.150

______________________

|

| ISA Server

|_____________________

|

|

|

Internet

- At the Cisco Pix Firewall the default gateway is the Internet

- At the ISA Server the default gateway is the Internet

- At the Cisco VPN COncentrator I want to add the following route:

route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.2.200

- At the Cisco PIX Firewall I want to add the following route:

route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.30.150

After I add these two routes can I add the following route at the Cisco VPN Concentrator?:

route to 0.0.0.0 mask 0.0.0.0 gateway 172.16.30.150

With this route I will set the Cisco VPN Concentrator default gateway to the IP address interface at the ISA Server.

The default gateway is on a different subnet but, with the 2 routes explained above, the Cisco VPN Concentrator will know the path to the interface at the ISA Server.

I want to do this, because VPN Clients must be ISA NAT Clients and must connect to the Intern trough the ISA and not trough the PIX.

Thanks

Duarte S.

PS - I know that I will need to add more routes, because the replies must know how to go from the ISA to the VPN Clients. I didn´t explain these routes here because they are not relevant to the main question: Can I have a default gateway on a different subnet if I add the necessary routes to that gateway?

Labels:
0 Helpful
3 Replies 3

tcordier
Level 1
Level 1

‎12-08-2005 12:12 AM

Hi Duarte,

your setup should work provided you use a subnetmask of /24 for the 172.16.2.100 on the VPN Concentrator and the 172.16.2.200 on the PIX. Alternatively, you could use

route to 172.16.30.150 mask 255.255.255.255 gateway

on the VPN Concentrator.

Also, your suggested route entry on the PIX

route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.30.150

is not needed. The PIX does know the route to 172.16.30.150 as this is a connected subnet (I assume here that you use 172.16.30.128/25 or larger on the PIX; if that is not true, the route is required).

HTH, Thomas

0 Helpful

duartesss
Level 1
Level 1
In response to tcordier

‎12-08-2005 08:52 AM

Thanks for you reply.

In attach I send the diagram.

About the route:

I did'nt wrote correctly the route. I want to add the following route at the pix:

route to 172.16.30.0 mask 255.255.255.0 gateway 172.16.30.150

Preview file
19 KB
0 Helpful

duartesss
Level 1
Level 1

‎12-08-2005 08:49 AM

In attach I send the diagram.

About the route:

I did'nt wrote correctly the route. I want to add the following route at the pix:

route to 172.16.30.0 mask 255.255.255.0 gateway 172.16.30.150

Preview file
19 KB
0 Helpful
Customers Also Viewed These Support Documents