
New Member

Outside Route Configuration


See attached image of network diagram.

I have been trying to figure something out for quite some time now and I feel like after 15 hours it is time to seek some advice as to what I am missing. Any help would be greatly appreciated.

I have a PIX 525 with IOS 8.0.4 on it. I am trying to make what I believe to be one of the most basic uses of this device. I want to set up a VPN at my house.

Once I introduce the VPN, things start getting whacky and I have some basic questions. I have gone and done a full factory reset with the following.


write erase

erase configuration in flash memory: yes


proceed with reload [confirm]: yes

#After reboot

#answer yes with y enter

Preconfigure firewall now through interactive prompts: [yes]: hit enter key

Firewall Mode [Routed]: hit enter key or [transparent] to configure the other way

enable password [password]..................pick one between []'s

allow password recovery: enter y enter

year enter 2013

month: sept

day: 15

time: 02:012:00

inside ip

net mask

hostname: thcvpn01

ip of host running device manager: just hit enter


With this basic default reset on the VPN and the outside port unplugged and an ethernet cable going from the Comcast modem to the Netgear router, I can successfully ping the router and all member servers on the inside port, as well as get on the internet. This seems logical and correct to me.

My problems all start when I disconnect the ethernet cable from the modem which goes to the data port on the router and try to use the outside port as diagrammed in the picture. My questions are pretty simple, I think:

1) The inside port can go to either a switch port or the data port on the router, correct?

When it is hooked up to the switch port on the router I can ping all member server host names and IPs correctly, but I can't ping any hosts or IPs on the internet. It does resolve the host name to the IP properly. When I hook it to the data port I am not able to ping anything. For now it appears to work on the switch port just fine, so no big deal. I'm simply looking for clarification or reasons why one would use one over the other, unless I am way off on everything.

2) The outside port on the VPN should connect up to the Comcast modem ethernet jack, correct? When I configure an outside interface, such as I am able to ping the outside interface from the 525 but not anything from the internet. My member servers are not able to ping the IP address. What should I choose as the IP, netmask and gateway on the outside interface, and how do I make this all work?

3) How do I make the routes between them that function? I think I need some clarity around this as well. The help on the device uses the word foreign network and we are using terms like inside and outside. I'm not sure which is foreign to what, basically. A good working, simple example like this will do wonders for my understanding on routes between subnets.


