04-26-2005 04:07 AM - edited 02-21-2020 01:44 PM
Have configured an EasyVPN tunnel for a customer with lots of 10.x.x.x nets. Did not get it working until I changed the VPN office to 192.168.n.n. I then discovered that the central PIX had a 10.0.0.0 0.255.255.255 route back to inside central WAN router. When I changed the generic route to lots of specific ones I got the VPN office working under 10.x.x.x. Do the static routes whack the routes provided by the IPSEC SAs?
Regards
Bjorn
04-26-2005 06:33 AM
Please have a look at the following URL concerning route selection. It says it's about routers but this is equally valid for the PIX.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094823.shtml
I suppose it explains your questions regarding this topic.
Regards,
Leo
04-26-2005 10:11 AM
Well, it doesn't really. I think anyway. Because it does not talk about how routes from the crypto engine are inserted into the routing table. In the PIX the actual route is not defined via the "route n.n.n.n mask next hop". It comes from the access-list specified in the vpngroup definition, I guess. But if static has the weight of 1, that is hard to beat.
Regards
Bjorn
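Added example, not part of the thread and not Cisco code: a simplified Python model of the behaviour discussed above. It assumes the firewall first picks the egress interface by longest-prefix match and only evaluates the crypto ACL on the interface where the crypto map is bound. All prefixes, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
BROAD_ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("10.0.0.0/8", "inside"),    # generic route back to the central WAN router
]
SPECIFIC_ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("10.1.0.0/16", "inside"),   # only the nets that really live inside
    ("10.2.0.0/16", "inside"),
]
CRYPTO_ACL = ["10.50.0.0/24"]    # remote VPN office net protected by the tunnel
CRYPTO_INTERFACE = "outside"     # interface the crypto map is bound to


def egress_interface(routes, dst):
    """Return the interface of the longest-prefix route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), iface)
        for prefix, iface in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(routes, dst):
    """Model the decision: route lookup first, crypto ACL second."""
    iface = egress_interface(routes, dst)
    if iface is None:
        return "drop: no route"
    addr = ipaddress.ip_address(dst)
    protected = any(addr in ipaddress.ip_network(n) for n in CRYPTO_ACL)
    if protected and iface == CRYPTO_INTERFACE:
        return "encrypt via outside"
    if protected:
        # Traffic meant for the tunnel never reaches the crypto map.
        return f"not encrypted: routed to {iface}"
    return f"clear via {iface}"


if __name__ == "__main__":
    for name, table in (("broad", BROAD_ROUTES), ("specific", SPECIFIC_ROUTES)):
        print(name, "->", forward(table, "10.50.0.10"))
```

In this model the 10.0.0.0/8 route wins over the default route for the remote office address, so the packet leaves the wrong interface and the crypto ACL is never consulted; with only specific inside routes, the default route carries it to the outside interface and the tunnel.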