The VPN Concentrator is configured in parallel with a firewall, and I don't find a router in the private segment. So which one should be the default gateway for the hosts in the private segment? The PIX couldn't do this, because it couldn't redirect (reroute) packets that are sent to VPN clients to the VPN 3000, even if you add a static route in it.
So I think we should select the VPN 3000. Can the VPN 3000 redirect (reroute) the packets that are sent to the internet to the PIX? If it can, would there be two default routes in the VPN 3000? Because the remote VPN clients have various public addresses, we should have a default route to the outside router (public segment). On the other side, local hosts want to go everywhere through the PIX, so the VPN 3000 should have a default route to the PIX in order to reroute those packets. Two default routes are impossible; I am really puzzled.
Of course, if there is a router in the private segment, this is not a problem; the router will reroute packets correctly.
The key point is that the PIX couldn't redirect (reroute) packets like a router.
Can someone help me?
If there isn't a PIX, just internet----router---vpn3000---private lan, can the hosts in the private LAN visit the internet and VPN clients (LANs) at the same time? A router can do this; can the VPN 3000 work like a router in such a condition?
Re: which one should be the default gateway, vpn 3000 or pix?
Thanks. But I think your answer is about how to set 'tunnel default gateways' in the VPN 3000.
My question is how to select the default gateway for the hosts and servers in the private segment (central office). If it is still the PIX, I don't think the hosts in the central office could visit remote hosts through the VPN 3000, because the PIX couldn't reroute (redirect) the traffic even if there is a static route in the PIX. The key is that the PIX doesn't act like a router.