Cisco Support Community
Community Member

Routing through VPN's and routing VPN Clients


We currently have two firewalls, one (FW1) for controlling network access and VPN clients, another (FW2) solely used to maintain a VPN tunnel to a remote network. All clients currently have a default gateway of FW1.

How would we go about getting FW1 to route packets destined for the remote network via the VPN on FW2?

We could add persistent routes on all workstations but this would be a messy solution. We would also like to allow VPN 3.5 clients (coming in on FW1) to do the same.

FW1 already has a route added to the remote network (the gateway being FW2's inside interface) and can ping hosts the other side of the VPN.


FW1 inside - (VPN Clients coming in on

FW2 Inside <-------vpn------>

Any help much appreciated.


Re: Routing through VPN's and routing VPN Clients

Hi there,

Unfortunately, PIX firewall does not do IP redirects. So if FW1 gets a packet destined for subnet, it will not redirect the packet to FW2. Your alternatives:

1) Put a router on the inside subnet, and assign it as the Default gateway for the PC. Add the route on the router for to take FW2, and also add a default route on it and point it to FW1

2) Add static routes on all the workstations for and point them to FW2

3) Replace the PIX with some other VPN device which supports IP redirects (like an IOS router, VPN concentrator, etc.)
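
The workstation routing designs discussed in this thread, modelled as an added example (not part of either post, and not Cisco code): a longest-prefix-match trace in which a PIX never forwards a packet back out the interface it arrived on. All addresses and the `RTR` inside router are constructed placeholders.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread): inside LAN
# 192.168.1.0/24, remote network behind the FW2 tunnel 10.20.0.0/16.
FW1, FW2, RTR = "192.168.1.1", "192.168.1.2", "192.168.1.254"
REMOTE, DEFAULT = "10.20.0.0/16", "0.0.0.0/0"

NO_HAIRPIN = {FW1, FW2}          # PIXes: never forward back out the ingress interface
EXITS = {FW1: "internet", FW2: "vpn-tunnel"}   # what lies past each firewall

# Routing tables of the inside-LAN devices; "exit" = leave via another interface.
DEVICES = {
    FW1: {DEFAULT: "exit", REMOTE: FW2},   # the route the poster already added
    FW2: {REMOTE: "exit"},
    RTR: {DEFAULT: FW1, REMOTE: FW2},      # hypothetical inside router (option 1)
}
# Workstation routing tables for each design.
HOSTS = {
    "current":  {DEFAULT: FW1},
    "option 1": {DEFAULT: RTR},
    "option 2": {DEFAULT: FW1, REMOTE: FW2},
}

def next_hop(table, dst):
    """Longest-prefix match over a {prefix: gateway} table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def trace(host_table, dst):
    """Follow a workstation's packet; return (devices visited, outcome)."""
    hop = next_hop(host_table, dst)
    path = [hop]
    while True:
        nh = next_hop(DEVICES[hop], dst)
        if nh == "exit":
            return path, EXITS[hop]
        if hop in NO_HAIRPIN:      # next hop sits on the LAN the packet came from
            return path, "dropped"
        hop = nh
        path.append(hop)

def evaluate(dst):
    return {name: trace(table, dst) for name, table in HOSTS.items()}

if __name__ == "__main__":
    for name, (path, outcome) in evaluate("10.20.5.9").items():
        print(f"{name:9} {' -> '.join(path):32} {outcome}")
```

With the current design the packet for the remote network stops at FW1, while both the inside-router and per-workstation-route designs deliver it to FW2 without changing the path of Internet-bound traffic.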


Community Member

Re: Routing through VPN's and routing VPN Clients

Thanks Jazib.

I take it point three is in reference to my question about getting VPN clients coming in on FW1 access to the remote subnet through the VPN on FW2?


