cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1109
Views
0
Helpful
9
Replies

PIX and default route for VPN clients?

fsmontenegro
Level 1
Level 1

Hi everyone!

Weird problem on a PIX515 with 7.2.4: adding the "route inside 0.0.0.0 0.0.0.0 <gw> tunneled" fails.

See below:

PIX-1# sh run | inc route

route outside 0.0.0.0 0.0.0.0 x.x.x.x

route inside InternalNets 255.0.0.0 10.255.x.1 1

route inside 192.168.0.0 255.255.0.0 10.255.x.1 1

PIX-1# conf t

PIX-1(config)# route inside 0.0.0.0 0.0.0.0 10.255.x.1 tunneled

ERROR: Cannot add route entry, conflict with existing routes

Any ideas?

Thanks!

9 Replies 9

it's because you are using a inside interface in the tunneled route and outside interface for the default route.

Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ip.html#wp1047900

What is he doing should work just fine. I use it on a few ASA's myself.

Hi Vikram,

I'm doing the same thing in an ASA:

route outside 0.0.0.0 0.0.0.0 y.y.y.y 1

route inside 10.0.0.0 255.0.0.0 10.5.x.x 1

route inside 0.0.0.0 0.0.0.0 10.5.x.x tunneled

Could it be a PIX/ASA difference? Something else? Same thing happens with 8.0.4 code as well.

Thanks!

Does it complain if you try adding the inside tunneled route first, then the outside route?

Hi,

Haven't tried that as we were accessing the PIX remotely via outside...

Will try to get someone to test it on-site for us.

are you saying it's working in ASA, if yes then we are only left with PIX/ASA difference.

what version are you running by the way.

Hi, I have a separate ASA5520 pair running 8.0.4 that is working fine with that configuration.

This particular scenario is another VPN headend, a single PIX515 running 7.2.x (same thing happened with 8.0.x code).

tried to lookup if there are any bugs, but no luck.

strange issue.

Not sure if a reboot would help.

would like to know if you managed to fix this issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: