PIX and default route for VPN clients?

Unanswered Question
Nov 11th, 2009

Hi everyone!

Weird problem on a PIX515 with 7.2.4: adding the "route inside 0.0.0.0 0.0.0.0 <gw> tunneled" fails.

See below:

PIX-1# sh run | inc route

route outside 0.0.0.0 0.0.0.0 x.x.x.x

route inside InternalNets 255.0.0.0 10.255.x.1 1

route inside 192.168.0.0 255.255.0.0 10.255.x.1 1

PIX-1# conf t

PIX-1(config)# route inside 0.0.0.0 0.0.0.0 10.255.x.1 tunneled

ERROR: Cannot add route entry, conflict with existing routes

Any ideas?

Thanks!

acomiskey Wed, 11/11/2009 - 08:03

What he is doing should work just fine. I use it on a few ASAs myself.

fsmontenegro Wed, 11/11/2009 - 08:05

Hi Vikram,

I'm doing the same thing in an ASA:

route outside 0.0.0.0 0.0.0.0 y.y.y.y 1

route inside 10.0.0.0 255.0.0.0 10.5.x.x 1

route inside 0.0.0.0 0.0.0.0 10.5.x.x tunneled

Could it be a PIX/ASA difference? Something else? Same thing happens with 8.0.4 code as well.

Thanks!

acomiskey Wed, 11/11/2009 - 08:08

Does it complain if you try adding the inside tunneled route first, then the outside route?

fsmontenegro Wed, 11/11/2009 - 08:12

Hi,

Haven't tried that as we were accessing the PIX remotely via outside...

Will try to get someone to test it on-site for us.

vikram_anumukonda Wed, 11/11/2009 - 08:11

Are you saying it's working in ASA? If yes, then we are only left with the PIX/ASA difference.

What version are you running, by the way?

fsmontenegro Wed, 11/11/2009 - 08:13

Hi, I have a separate ASA5520 pair running 8.0.4 that is working fine with that configuration.

This particular scenario is another VPN headend, a single PIX515 running 7.2.x (same thing happened with 8.0.x code).

vikram_anumukonda Wed, 11/11/2009 - 09:09

Tried to look up if there are any bugs, but no luck.

Strange issue.

Not sure if a reboot would help.
