I am in the process of configuring several new sites connected via VPN into a 506e running PIX 6.3 at our main site. These new sites need to be known to our main router, a 3640, as it is set as default gateway for all clients. I know I can put in static routes in the 3640 but wondered how difficult it was to set up some sort of RIP or similar between the two devices, so as I add new VPN sites (subnets) to the 506e I do not have to make programming changes to the 3640.
Is RIP the right way to do this? I notice there are several RIP options within PIX 6.3, and what would I need to do on the 3640 to enable this (or check to see whether it is necessary)? I'm also a little concerned by the "Broadcast/multicast default route" because I want the routes known to the 506e to be communicated to the 3640 and the 3640 to remain the central router and default gateway for all clients and therefore the 506e only to be necessary for routing to the VPN sites only.
Re: VPN new routes on 506e PIX -> 3640 Router, RIP ?
RIP on the PIX is very limited; it'll only broadcast a default route out, or listen to routes coming in, or both. You can't add static routes to the PIX and advertise them via RIP, nor can you have the PIX automatically advertise tunneled routes via RIP.
Routers and VPN 3000 Concentrators, when used as a head-end device, have a feature called Reverse-Route Injection (RRI), that tells the device to advertise the remote network out into the main network when the tunnel is up. The PIX does not have this feature as yet.
At this point, your easiest option is simply to add the static routes onto the 3640 as you have been doing.