Cisco Support Community
New Member

PIX and default route for VPN clients?

Hi everyone!

Weird problem on a PIX515 with 7.2.4: adding the "route inside 0.0.0.0 0.0.0.0 <gw> tunneled" fails.

See below:

PIX-1# sh run | inc route

route outside 0.0.0.0 0.0.0.0 x.x.x.x

route inside InternalNets 255.0.0.0 10.255.x.1 1

route inside 192.168.0.0 255.255.0.0 10.255.x.1 1

PIX-1# conf t

PIX-1(config)# route inside 0.0.0.0 0.0.0.0 10.255.x.1 tunneled

ERROR: Cannot add route entry, conflict with existing routes

Any ideas?

Thanks!

9 REPLIES

Re: PIX and default route for VPN clients?

It's because you are using an inside interface in the tunneled route and an outside interface for the default route.

Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ip.html#wp1047900

Green

Re: PIX and default route for VPN clients?

What he is doing should work just fine. I use it on a few ASAs myself.

New Member

Re: PIX and default route for VPN clients?

Hi Vikram,

I'm doing the same thing in an ASA:

route outside 0.0.0.0 0.0.0.0 y.y.y.y 1

route inside 10.0.0.0 255.0.0.0 10.5.x.x 1

route inside 0.0.0.0 0.0.0.0 10.5.x.x tunneled

Could it be a PIX/ASA difference? Something else? Same thing happens with 8.0.4 code as well.

Thanks!

Green

Re: PIX and default route for VPN clients?

Does it complain if you try adding the inside tunneled route first, then the outside route?

New Member

Re: PIX and default route for VPN clients?

Hi,

Haven't tried that as we were accessing the PIX remotely via outside...

Will try to get someone to test it on-site for us.

Re: PIX and default route for VPN clients?

Are you saying it's working in ASA? If yes, then we are only left with a PIX/ASA difference.

What version are you running, by the way?

New Member

Re: PIX and default route for VPN clients?

Hi, I have a separate ASA5520 pair running 8.0.4 that is working fine with that configuration.

This particular scenario is another VPN headend, a single PIX515 running 7.2.x (same thing happened with 8.0.x code).

Re: PIX and default route for VPN clients?

Tried to look up if there are any bugs, but no luck.

Strange issue.

Not sure if a reboot would help.

Re: PIX and default route for VPN clients?

Would like to know if you managed to fix this issue.
