01-15-2008 12:57 AM - edited 02-21-2020 03:28 PM
When setting up a PIX to PIX VPN over, say, an internet connection, what should you expect to see in the show ip route statement?
Would anything be added or does it operate using the access-lists alone and default external route?
Thanks.
01-15-2008 05:32 AM
Michael, are you referring to L2L VPN? If so, there shouldn't be any other route statement needed to be configured in PIX as long as you have a default route in PIX configured and the other side of the tunnel is indeed reachable through your outside interface (internet). The rest, as you said, is taken care of by ACLs, crypto maps, etc.
Rgds
Jorge
01-15-2008 06:19 AM
Sorry, I was referring to an IPSEC VPN.
So it will exit via the default route and be deemed interesting traffic by the ACL and hit the IPSEC tunnel?
But does this mean any additional routes will appear in "show route", for example?
01-15-2008 07:43 AM
Yes, your understanding is correct. If you have other static routes or dynamic routing protocols configured, then these will show up in the routing table along with the connected routes. But for IPSEC, in most cases, it should follow the default route unless you do not have a default route and have specific routes pointing to the outside interface to reach the IPSEC Peer Address or are terminating the IPSEC Tunnel on a DMZ Interface.
Regards,
Arul
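
A simplified model of the forwarding decision described in the replies above, as an added example that is not part of the original thread: the route lookup picks the egress interface, then the crypto ACL bound to that interface decides whether the packet is encrypted. All addresses, interface names and the `lookup`/`forward` helpers are constructed for illustration, and the model ignores NAT and interface ACLs.

```python
import ipaddress

# Constructed sample data (documentation/private ranges, not from the thread).
ROUTES = [  # (prefix, egress interface, how it got into the table)
    ("10.1.1.0/24", "inside", "connected"),
    ("203.0.113.0/24", "outside", "connected"),
    ("0.0.0.0/0", "outside", "static default"),
]
# Interesting-traffic ACL per interface that has a crypto map applied:
# (local network, remote network). The tunnel adds nothing to ROUTES.
CRYPTO_ACL = {"outside": [("10.1.1.0/24", "10.2.2.0/24")]}


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, _source in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def forward(routes, crypto_acl, src, dst):
    """Routing chooses the interface first; only then is the crypto ACL checked."""
    iface = lookup(routes, dst)
    if iface is None:
        return "drop: no route"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in crypto_acl.get(iface, []):
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return f"encrypt: IPsec tunnel via {iface}"
    return f"clear: forwarded via {iface}"


if __name__ == "__main__":
    # Remote LAN is reached through the default route, then matched by the ACL.
    print(forward(ROUTES, CRYPTO_ACL, "10.1.1.10", "10.2.2.20"))
    # Ordinary internet traffic uses the same route but is not interesting.
    print(forward(ROUTES, CRYPTO_ACL, "10.1.1.10", "192.0.2.50"))
    # Failure mode: a more specific route out another interface bypasses
    # the crypto map, so the traffic never enters the tunnel.
    leaky = ROUTES + [("10.2.2.0/24", "dmz", "static")]
    print(forward(leaky, CRYPTO_ACL, "10.1.1.10", "10.2.2.20"))
```

The last case is the one worth checking on a real device: a more specific route that sends the remote network out an interface without the crypto map means the interesting-traffic ACL is never consulted.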