Pix VPN-Tunnel Default Route?


with a Pix515 and software 7.2(2) I would like to achieve the following:

There are two different user groups. Each group connects to the Pix via Cisco's VPN-Client. Thus, there are two different tunnel groups. Each tunnel group has its own address pool, one is derived from 192.168.10.x and the other one from

192.168.20.x. In addition there are two virtual interfaces belonging to two different VLANs ( and respectively). So the users of each group end up in their own VLAN. So far things work as expected.

Each VLAN has its own router/default-gateway. And now here is the problem: The Pix has a default route of route outside 1 (Note that is a fictive address.) This statement is necessary in order to have the VPN-traffic routed back to the clients. But the decrypted traffic should be routed depending on the tunnel-group from where it originates, e.g. all traffic from the first tunnel group to the default gateway of the corresponding VLAN (through the appropriate virtual Pix interface) and all traffic from the second tunnel group to the default gateway of the second VLAN (again to the other virtual Pix interface). Is this possible?

When I add a statement like the following route vlan1-interface tunneled things for the first tunnel group work as expected. But of course packets from the second tunnel group never reach their destination as is on the wrong VLAN :-(

Any ideas?

Regards, Christoph Gartmann

Reply to
Christoph Gartmann
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.