I'm tearing my hair out here! I've been trying to get a PIX501 IPSec VPN at a remote site up and running for the last few days, and I thought I was just about there. However, I seem to have run into a problem. We have a lot of locations on our network, and I've been specifying them as separate subnets on the PIX (all accessed via the same endpoint, the ISA server at our central site). This works, but I noticed the VPN connections seemed to be dropping for no reason. What I think is happening is that the machines are using up one of the IPSec tunnels for each remote subnet they talk to - it doesn't take long before it reaches the limit (10) and the PIX starts dropping things.
I think all I need to get round this is a way to specify a default gateway for all VPN-bound traffic (which will be everything the PIX receives) at our central site. That way, if the PIX doesn't have an explicit entry for a subnet, it can forward it through the VPN to our central router, which can take care of it.
Is this possible, or am I in trouble? Thanks in advance.
Colin