PIX - ip local pool - question


-I have a PIX 506 6.3(3) configured with a vpngroup.

-The vpngroup is calling an ip local pool ip local pool vpnpool1

and a split tunnel list access-list split1 permit ip

-At the client ( Cisco VPN statistics shows for Route Details a Secured route for

BUT, and here is the problem, a route print in Windows shows a new route for with as the gateway. I don't want this route; I want only the route for

After checking the PIX command reference, I saw that I should be able to specify a mask in the ip local pool command.

ip local pool pool_name pool_start_address[-pool_end_address] [mask mask]

I tried to modify my ip local pool command with no success: ip local pool vpnpool1 mask doesn't work. (Yes, I removed the vpngroup entry prior to doing that.)

At the PIX, the possible syntax shown for ip local pool is "usage: [no] ip local pool [-]", with no mention of a mask argument.

So what exactly is the rule here: can we provide a mask for the client or not? Did I make a mistake in the syntax? I tried with the word mask, netmask, and just the mask itself.

Or is there another way to get rid of this route, other than doing a route delete every time we log in?



I haven't done this before, only between a 3030 and a PIX, but here is a link to Cisco's config example repository:

formatting link
Here is a link to setting up an L2L between a 3000 series and FW1-NG:

formatting link


Richard Graves
