[nsp] Routing decisions on a PIX?

Voralt peder at voralt.net
Tue Jun 10 10:50:27 EDT 2003


Either statics take precedence, or it uses the first one it finds, I'm not
sure which.  I had a scenario where there were VPN connections and internal
WAN connections and they were all on 172.16.x.x.  I assumed it would work
like a router and use the longest match, so if I had a 172.16.0.0
255.255.0.0 route inside, any of the VPN connections would override that
since they were all 255.255.255.0 networks.  However, the VPNs didn't work
until I removed the route inside and added a bunch of class C routes
pointing inside.  I'm assuming that it uses the first match it finds, but
that's just a guess.


----- Original Message -----
From: "Regis M. Donovan" <regis at offhand.org>
To: <cisco-nsp at puck.nether.net>
Sent: Monday, June 09, 2003 1:51 PM
Subject: [nsp] Routing decisions on a PIX?


> Hi there.
> I've got a pair of PIX boxes running 6.2(1), connected with a VPN.
> The networks are also connected by a back-end direct WAN line.  I
> would rather my traffic go over the WAN link instead of the VPN.
>
> Does the PIX consider the VPN to be a connected network?  When it
> comes time to make a routing decision, which takes precedence in a
> PIX: a VPN network connection or a static route?
>
> I've looked around on the cisco web site and couldn't find anything
> that directly addresses this.
>
> Thanks!
> --Regis
>
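
The two lookup strategies contrasted in the reply above, as an added example that is not part of the original messages. It compares longest-prefix match with first-match on constructed tables shaped like the scenario described (the specific /24 prefixes and the "inside"/"vpn" labels are assumptions) and flags entries a first-match lookup could never reach; it does not establish which strategy PIX 6.2 actually uses.

```python
import ipaddress

# Constructed tables (assumed values): a /16 pointing inside listed ahead of
# /24 VPN networks, and the workaround of replacing the /16 with explicit /24s.
WITH_SUPERNET = [
    ("172.16.0.0/16", "inside"),
    ("172.16.10.0/24", "vpn"),
    ("172.16.20.0/24", "vpn"),
]
SPLIT = [
    ("172.16.1.0/24", "inside"),
    ("172.16.2.0/24", "inside"),
    ("172.16.10.0/24", "vpn"),
    ("172.16.20.0/24", "vpn"),
]

def parse(routes):
    return [(ipaddress.ip_network(prefix), via) for prefix, via in routes]

def longest_match(routes, dst):
    """Router-style lookup: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, via) for net, via in parse(routes) if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def first_match(routes, dst):
    """Ordered lookup: the first covering entry wins, whatever its length."""
    addr = ipaddress.ip_address(dst)
    for net, via in parse(routes):
        if addr in net:
            return via
    return None

def shadowed(routes):
    """Entries that first-match can never select because an earlier
    entry already covers their whole range."""
    table = parse(routes)
    return [str(net) for i, (net, _) in enumerate(table)
            if any(net.subnet_of(earlier) for earlier, _ in table[:i])]

if __name__ == "__main__":
    for name, table in (("with /16", WITH_SUPERNET), ("split /24s", SPLIT)):
        dst = "172.16.10.5"
        print(name, "longest:", longest_match(table, dst),
              "first:", first_match(table, dst),
              "shadowed:", shadowed(table))
```

An empty `shadowed()` result means both strategies give the same answer for every destination, which is why the split table behaves the same either way.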


