VPN Routing Help

dmayne
Level 1

I have set up a site-to-site VPN between my company and a consultant firm, with PIX firewalls on either end. The tunnel has been created and communication has been established; however, there is a problem with routing back to the consultant firm.

There are 2 specific servers that the consultants need to hit, and the ACLs have been configured accordingly. The problem is that the 2 servers do not know how to route packets back to the consultant network - the traffic goes to the default gateway and out to the WAN instead. Our PIX 506 is not on the same subnet as the 2 servers, so we cannot add a static route to the servers.

PIX 506 - x.x.70.0 network 255.255.254.0 mask

Servers - x.x.59.0 network 255.255.255.0 mask

We do have a Catalyst 6509 running at layer 3 with the MSFC2 card, which handles our internal routing. (We have multiple subnets in our location.) How can I set a static route to the consultant network for these servers to send the packets to the inside interface of the PIX? Would it be this simple or do I need to use some smoke and mirrors to get this to work?

2 Replies

gfullage
Cisco Employee

You need to add a route on the 6500 MSFC (assuming this is the server's next-hop outbound) that refers to your remote network and directs the traffic to the PIX. If the 6500 and the PIX are not on the same network, then you need to add a route on every intermediate hop until you get to the PIX. It should be that simple, yes.
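
Added example, not part of the reply above and not Cisco code: a small Python model of the return path, showing why the servers' replies exit via the WAN in the clear until the MSFC, and any router between it and the PIX, has a route for the consultant network. The consultant prefix, the node names and the intermediate "hop" router are assumptions, because the thread masks its real addresses.

```python
import ipaddress

# Constructed values: the thread never gives the consultant network.
REMOTE_NET = "192.168.200.0/24"   # consultant LAN behind the far-end PIX (assumed)
REMOTE_HOST = "192.168.200.10"    # a consultant workstation (assumed)

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), next_hop)
               for prefix, next_hop in table.items()
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until a node with no table (an exit point)."""
    path, node = [start], start
    while node in tables and len(path) <= max_hops:
        node = lookup(tables[node], dst)
        path.append(node)
    return path

def build(msfc_static=None, hop_static=None):
    """Routing tables keyed by node; 'pix' and 'wan' are exits with no table."""
    tables = {
        "server": {"0.0.0.0/0": "msfc"},  # servers only know their default gateway
        "msfc": {"0.0.0.0/0": "wan"},     # MSFC default points at the WAN
        "hop": {"0.0.0.0/0": "wan"},      # hypothetical router between MSFC and PIX
    }
    if msfc_static:
        tables["msfc"][REMOTE_NET] = msfc_static
    if hop_static:
        tables["hop"][REMOTE_NET] = hop_static
    return tables

def return_path(**statics):
    """Path taken by a server's reply to the consultant host."""
    return trace(build(**statics), "server", REMOTE_HOST)

if __name__ == "__main__":
    cases = {
        "no static route": {},
        "static on MSFC, PIX adjacent": {"msfc_static": "pix"},
        "static on MSFC only, PIX one hop away": {"msfc_static": "hop"},
        "static on MSFC and intermediate hop": {"msfc_static": "hop", "hop_static": "pix"},
    }
    for label, statics in cases.items():
        print(f"{label}: {' -> '.join(return_path(**statics))}")
```

Any path ending in `wan` means the reply bypasses the tunnel, which is the symptom described in the question.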

mnaveen
Level 1

I am trying a similar situation. I'll get back to you soon.