Cisco Support Community

New Member

VPN3000's Tunnel Default Gateway

Dear All,

The VPN3000 has a tunnel default gateway, which is the next-hop IP address used by a LAN-to-LAN or a Remote Client connection after their packets are decrypted by the Concentrator. I am wondering if one can configure a different tunnel default gateway for each LAN-to-LAN connection or for each group of remote clients. For example:

1. LAN-to-LAN connection from VPNA has a Tunnel Gw A

2. LAN-to-LAN connection from VPNB has a Tunnel Gw B

3. Remote Client from GroupC has a Tunnel Gw C

4. Remote Client from GroupD has a Tunnel Gw D

I would appreciate any insight.

Best Regards,


Cisco Employee

Re: VPN3000's Tunnel Default Gateway


The VPN 3000 Concentrator uses the tunnel default gateway to route the tunneled users within the private network (usually the inside router). The VPN Concentrator uses the default gateway to route packets to the Internet (usually the outside router).

And there is no option on the VPN3000 where you can configure different tunnel default gateways and this is not possible as well.

Is there any specific reason that you want this, and if so, can you share it on the group?



New Member

Re: VPN3000's Tunnel Default Gateway

Hi Arul,

Thanks for your assistance. There is no specific reason; I am just being asked by the customer, because of the routing table limitation of the VPN3005. Instead of populating the routing table of the VPN3005 with unnecessary routes, it might be better to point the LAN-to-LAN tunnels or remote-client groups to several tunnel default gateways and let the gateways handle the routes to the other networks. Of course, this design only fits if the internal network does have several separate routers to the other networks. Anyway, we are able to convince the customer to buy a VPN3030 instead.

Best Regards,