
Routes and VPN

johan.blom
Level 1

I have a PIX which has a route to 10.0.0.0 255.255.255.0 X.X.X.X (where X.X.X.X is an internal router).

Now I want to route 10.200.0.0 through VPN. Can I accomplish that by just adding one more access list to the already existing VPN tunnel to that peer? Or do I need to change the routing somehow?

Thanks in advance

4 Replies

kagodfrey
Level 3

Yes, permit access to 10.200.0.0 255.255.0.0 for the VPN-tunnel-to-peer-pix acl, and also add it to whatever acl you are using for nat0. Make sure that the devices on the 10.200.0.0 network know the way back.

HTH

I did this. It works if I delete the route. But I want some way to keep the route but override it for the 10.200.0.0 255.255.255.0 network. Is it possible?

Strange, I would have thought that it would have worked despite the other route, as it has the longer match... What does the PIX show in its routing table?

It shows the route to the router. But I solved this case by deleting the route and letting the hosts use the router as the default gw. But it would be fun to know if it's possible to do it like I described.