Cisco Support Community

New Member

Default gateway on different subnet

Hello,

I have the following topology:

 _______________________
|
| VPN Clients
|______________________
      192.168.0.x
       |  |  |
       |  |  |
       |  |  |
     192.168.0.100
 _______________________
|
| Cisco VPN Concentrator
|______________________
     172.16.2.100
          |
          |
          |
     172.16.2.200
 ______________________
|
| Cisco PIX Firewall --- Internet
|____________________
     172.16.30.200
          |
          |
          |
     172.16.30.150
 ______________________
|
| ISA Server
|_____________________
          |
          |
          |
       Internet

- At the Cisco PIX Firewall the default gateway is the Internet

- At the ISA Server the default gateway is the Internet

- At the Cisco VPN Concentrator I want to add the following route:

route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.2.200

- At the Cisco PIX Firewall I want to add the following route:

route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.30.150

After I add these two routes can I add the following route at the Cisco VPN Concentrator?:

route to 0.0.0.0 mask 0.0.0.0 gateway 172.16.30.150

With this route I will set the Cisco VPN Concentrator default gateway to the IP address interface at the ISA Server.

The default gateway is on a different subnet but, with the 2 routes explained above, the Cisco VPN Concentrator will know the path to the interface at the ISA Server.

I want to do this because VPN Clients must be ISA NAT Clients and must connect to the Internet through the ISA and not through the PIX.

Thanks

Duarte S.

PS - I know that I will need to add more routes, because the replies must know how to go from the ISA to the VPN Clients. I didn't explain these routes here because they are not relevant to the main question: Can I have a default gateway on a different subnet if I add the necessary routes to that gateway?

3 REPLIES
New Member

Re: Default gateway on different subnet

Hi Duarte,

Your setup should work provided you use a subnet mask of /24 for the 172.16.2.100 on the VPN Concentrator and the 172.16.2.200 on the PIX. Alternatively, you could use

route to 172.16.30.150 mask 255.255.255.255 gateway

on the VPN Concentrator.

Also, your suggested route entry on the PIX

route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.30.150

is not needed. The PIX does know the route to 172.16.30.150 as this is a connected subnet (I assume here that you use 172.16.30.128/25 or larger on the PIX; if that is not true, the route is required).

HTH, Thomas
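
The question above, modelled as an added example (not from either poster and not Cisco code): a small routing-table resolver that checks whether a default gateway on another subnet can be resolved through a host route. It assumes the device resolves off-link gateways recursively; the /24 mask on 192.168.0.x and the destination 198.51.100.10 are constructed for the example.

```python
import ipaddress

def first_hop(dest, connected, static, max_depth=8):
    """Return the on-link address a packet for dest is handed to, or None.

    connected: prefixes of directly attached networks
    static:    (prefix, gateway) pairs; the gateway may be off-link
    Model only: assumes the device resolves off-link gateways recursively.
    """
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(c) for c in connected]
    routes = [(ipaddress.ip_network(p), ipaddress.ip_address(g)) for p, g in static]
    for _ in range(max_depth):
        conn = max((n for n in nets if addr in n),
                   key=lambda n: n.prefixlen, default=None)
        # A route cannot be used to resolve its own gateway.
        stat = max((r for r in routes if addr in r[0] and r[1] != addr),
                   key=lambda r: r[0].prefixlen, default=None)
        if conn is not None and (stat is None or conn.prefixlen >= stat[0].prefixlen):
            return str(addr)     # on-link: this is where the packet goes
        if stat is None:
            return None          # gateway unreachable: route is unusable
        addr = stat[1]           # resolve the gateway itself next
    return None                  # resolution did not terminate

# Addresses from the thread; the 192.168.0.0/24 mask and the sample
# Internet destination 198.51.100.10 are assumptions for this example.
VPN_CONNECTED = ["192.168.0.0/24", "172.16.2.0/24"]
HOST_ROUTE = ("172.16.30.150/32", "172.16.2.200")
DEFAULT_VIA_ISA = ("0.0.0.0/0", "172.16.30.150")
PIX_CONNECTED = ["172.16.2.0/24", "172.16.30.128/25"]

def demo():
    dst = "198.51.100.10"
    return {
        # Default route alone: its gateway is not on any connected subnet.
        "default_only": first_hop(dst, VPN_CONNECTED, [DEFAULT_VIA_ISA]),
        # Host route added: the gateway resolves through 172.16.2.200.
        "with_host_route": first_hop(dst, VPN_CONNECTED,
                                     [HOST_ROUTE, DEFAULT_VIA_ISA]),
        # PIX side: 172.16.30.150 is already on a connected subnet.
        "pix_to_isa": first_hop("172.16.30.150", PIX_CONNECTED, []),
    }

if __name__ == "__main__":
    for name, hop in demo().items():
        print(f"{name}: {hop}")
```

With both routes present the model hands Internet-bound packets to 172.16.2.200, which then forwards them using its own routing table.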

New Member

Re: Default gateway on different subnet

Thanks for your reply.

I am sending the diagram as an attachment.

About the route:

I didn't write the route correctly. I want to add the following route at the PIX:

route to 172.16.30.0 mask 255.255.255.0 gateway 172.16.30.150

New Member

Re: Default gateway on different subnet

I am sending the diagram as an attachment.

About the route:

I didn't write the route correctly. I want to add the following route at the PIX:

route to 172.16.30.0 mask 255.255.255.0 gateway 172.16.30.150
