Cisco Support Community
Community Member

VPN new routes on 506e PIX -> 3640 Router, RIP ?

I am in the process of configuring several new sites connected via VPN into a 506e running PIX 6.3 at our main site. These new sites need to be known to our main router, a 3640, as it is set as default gateway for all clients. I know I can put in static routes in the 3640 but wondered how difficult it was to set up some sort of RIP or similar between the two devices, so as I add new VPN sites (subnets) to the 506e I do not have to make programming changes to the 3640.

Is RIP the right way to do this? I notice there are several RIP options within PIX 6.3, and what would I need to do on the 3640 to enable this (or check to see whether it is necessary)? I'm also a little concerned by the "Broadcast/multicast default route" because I want the routes known to the 506e to be communicated to the 3640 and the 3640 to remain the central router and default gateway for all clients and therefore the 506e only to be necessary for routing to the VPN sites only.

Any help would be much appreciated.

Cisco Employee

Re: VPN new routes on 506e PIX -> 3640 Router, RIP ?

RIP on the PIX is very limited; it'll only broadcast a default route out, or listen to routes coming in, or both. You can't add static routes to the PIX and advertise them via RIP, nor can you have the PIX automatically advertise tunneled routes via RIP.

Routers and VPN 3000 Concentrators, when used as a head-end device, have a feature called Reverse-Route Injection (RRI), that tells the device to advertise the remote network out into the main network when the tunnel is up. The PIX does not have this feature as yet.

At this point, your easiest option is simply to add the static routes onto the 3640 as you have been doing.
