Jan 15th, 2008

When setting up a PIX to PIX VPN over, say, an internet connection, what should you expect to see in the show ip route statement?

Would anything be added or does it operate using the access-lists alone and default external route?


JORGE RODRIGUEZ Tue, 01/15/2008 - 05:32

Michael, are you referring to L2L VPN? If so, there shouldn't be any other route statement needed to be configured in the PIX as long as you have a default route configured in the PIX and the other side of the tunnel is indeed reachable through your outside interface (internet). The rest, as you said, is taken care of by ACLs and crypto maps, etc.



mikedelafield Tue, 01/15/2008 - 06:19

Sorry, I was referring to an IPSEC VPN.

So it will exit via the default route and be deemed interesting traffic by the ACL and hit the IPSEC tunnel?

But does this mean any additional routes will appear in "show route", for example?

ajagadee (Cisco Employee) Tue, 01/15/2008 - 07:43

Yes, your understanding is correct. If you have other static routes or dynamic routing protocols configured, then these will show up in the routing table along with the connected routes. But, for IPSEC, in most cases, it should follow the default route unless you do not have a default route and have specific routes pointing to the outside interface to reach the IPSEC Peer Address or terminating the IPSEC Tunnel on a DMZ Interface.
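
The forwarding order described in the replies above, as an added example that is not part of the original thread: a small Python model in which the route lookup picks the egress interface first and the crypto ACL on that interface then decides whether the packet is encrypted. The addresses, the route list and the function names are constructed for illustration and are not PIX output.

```python
import ipaddress as ip

# Constructed sample data (private and documentation ranges), not from the thread.
# Routing table as "show route" would list it: connected networks plus one default.
ROUTES = [
    ("10.1.1.0/24", "inside"),      # connected
    ("203.0.113.0/29", "outside"),  # connected
    ("0.0.0.0/0", "outside"),       # static default toward the ISP
]
# Crypto ACL bound to the crypto map on the outside interface: (source, destination).
CRYPTO_ACL = [("10.1.1.0/24", "10.2.2.0/24")]
CRYPTO_MAP_INTERFACE = "outside"


def egress_interface(dst):
    """Longest-prefix match over ROUTES; returns (prefix, interface) or None."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(p), i) for p, i in ROUTES if addr in ip.ip_network(p)]
    if not matches:
        return None
    net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), iface


def is_interesting(src, dst):
    """True when the crypto ACL permits this source/destination pair."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(a) and d in ip.ip_network(b) for a, b in CRYPTO_ACL)


def forward(src, dst):
    """Decision for one packet: ('drop' | 'clear' | 'encrypt', route prefix used)."""
    hit = egress_interface(dst)
    if hit is None:
        return "drop", None  # no route at all, so the crypto map is never consulted
    prefix, iface = hit
    if iface == CRYPTO_MAP_INTERFACE and is_interesting(src, dst):
        return "encrypt", prefix
    return "clear", prefix


if __name__ == "__main__":
    for src, dst in [("10.1.1.10", "10.2.2.20"), ("10.1.1.10", "198.51.100.7")]:
        print(src, "->", dst, forward(src, dst))
```

Both sample packets use the same 0.0.0.0/0 entry; the remote LAN 10.2.2.0/24 never appears in the route list, and only the ACL match separates tunnel traffic from ordinary internet traffic.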





