PIX to PIX VPN

Jan 15th, 2008

When setting up a PIX to PIX VPN over, say, an internet connection, what should you expect to see in the show ip route statement?

Would anything be added or does it operate using the access-lists alone and default external route?

Thanks.

JORGE RODRIGUEZ Tue, 01/15/2008 - 05:32

Michael, are you referring to an L2L VPN? If so, there shouldn't be any other route statement that needs to be configured in the PIX, as long as you have a default route configured in the PIX and the other side of the tunnel is indeed reachable through your outside interface (internet). The rest, as you said, is taken care of by ACLs, crypto maps, etc.

Rgds

Jorge

mikedelafield Tue, 01/15/2008 - 06:19

Sorry, I was referring to an IPSEC VPN.

So it will exit via the default route, be deemed interesting traffic by the ACL, and hit the IPSEC tunnel?

But does this mean any additional routes will appear in "show route", for example?

ajagadee Tue, 01/15/2008 - 07:43

Yes, your understanding is correct. If you have other static routes or dynamic routing protocols configured, then these will show up in the routing table along with the connected routes. But, for IPSEC, in most of the cases, it should follow the default route unless you do not have a default route and have specific routes pointing to the outside interface to reach the IPSEC Peer Address or terminating the IPSEC Tunnel on a DMZ Interface.

Regards,

Arul
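
The behaviour described in the replies above, as an added example that is not from any participant in the thread: a simplified Python model (not PIX code) of route lookup followed by the crypto ACL check. All addresses, the `ROUTES` table and the `CRYPTO_MAPS` structure are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample data (RFC 1918 / RFC 5737 addresses), not from the thread.
# ROUTES models what "show route" lists: (prefix, egress interface, next hop).
ROUTES = [
    ("10.1.1.0/24", "inside", "connected"),
    ("192.0.2.0/30", "outside", "connected"),
    ("0.0.0.0/0", "outside", "192.0.2.2"),
]
# Hypothetical crypto map per interface: peer plus the interesting-traffic ACL.
CRYPTO_MAPS = {
    "outside": {"peer": "198.51.100.1", "acl": [("10.1.1.0/24", "10.2.2.0/24")]},
}

def lookup_route(dst, routes):
    """Longest-prefix match over the routing table; None if nothing matches."""
    addr = ip.ip_address(dst)
    hits = [r for r in routes if addr in ip.ip_network(r[0])]
    return max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen, default=None)

def forward(src, dst, routes=ROUTES, crypto_maps=CRYPTO_MAPS):
    """Return the forwarding decision for one packet as a short string."""
    route = lookup_route(dst, routes)
    if route is None:
        return "drop: no route to destination"
    prefix, iface, _ = route
    cmap = crypto_maps.get(iface)
    if cmap is None:
        return f"clear via {iface} (route {prefix})"
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for acl_src, acl_dst in cmap["acl"]:
        if s in ip.ip_network(acl_src) and d in ip.ip_network(acl_dst):
            # The encapsulated packet is addressed to the peer, which needs a route too.
            if lookup_route(cmap["peer"], routes) is None:
                return "drop: no route to IPsec peer"
            return f"encrypt to {cmap['peer']} via {iface} (route {prefix})"
    return f"clear via {iface} (route {prefix})"

if __name__ == "__main__":
    print(forward("10.1.1.10", "10.2.2.20"))    # protected traffic
    print(forward("10.1.1.10", "203.0.113.5"))  # ordinary internet traffic
```

In this model the tunnel adds no entry to the table: both packets leave by the same default route, and only the ACL match decides which one is encrypted.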
