Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX & Secondary IP address to inside interfaces


I caught up in problem , i terminated VPN on PIX between 3 sites , one of the sites is having 4 different internal network of which 3 behind routers , users from different VPN sites need to access this networks .... how shall i add the routes

vpn betweeen,, is working fine , but is having another 3 networks after an router

router ip ,

different networks behind routers are

how many routes i need to add , in which pix .... need help ############# TOP URGENT##############

thanks in advance

New Member

Re: PIX & Secondary IP address to inside interfaces

If on the VPN router you have a default route, then you do not need to add any routes on that. Just make sure that the access-list used in crypto maps, cover all the source and destination addresses.

In the PIX that has the firewall on its back you will need to add the routes that are behind the network. A "ping" test is the best way to see if everything works fine. Again incluse a mirrored access-list with source the 4 networks and destination the central VPN office.

New Member

Re: PIX & Secondary IP address to inside interfaces

i have

nat (inside) 1 0 0 for internet traffic

nat (inside) 0 access-list 101 for VPN traffic

this will help me or not ..

static (inside,outside)

access-list 101 permit ip

here is network behind router of site A

where as is remote site from where users want to access the network .. am planning to deploy this and will let you know if this works & please get back to me if you have any alternative ...


New Member

Re: PIX & Secondary IP address to inside interfaces

above is not working .................need urgent help thanks