No. Read what the tunnel default gateway does... (from the concentrator page where you set it):

"Enter the IP address of the default gateway or router for tunnels. Enter 0.0.0.0 for no default router."

This is used to have a different gateway for IPsec tunnels than for IP routing. What we are discussing is how servers with two possible next hops, a PIX and a VPN, will determine which to use for what subnets. The servers (defaulted to the PIX) have to bypass it to speak to the remote subnet (and use the concentrator instead). A common workaround (one I used to employ) was NT route add statements for each subnet that should "bypass" the PIX, their default gateway, and use the concentrator instead. A better and more scalable solution is to put a router between the concentrator and PIX internal segment, and the servers.

INBOUND: For inbound Internet and inbound IPsec tunnel traffic back, the PIX and the VPN concentrator have a route to the "server's subnet" with the router as the next hop.

OUTBOUND: Subnets reachable via the VPN 3000 are routed to the VPN concentrator's private interface; a default route for outbound Internet traffic is towards the PIX.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66865&t=66819


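The routed design described in the post above, modelled as an added example that is not part of the original message: each device's static routes are resolved by longest-prefix match and the path is traced in both directions. The subnets, host addresses and device names are constructed for illustration.

```python
import ipaddress

# Constructed addressing and device names (assumptions, not from the post).
SERVERS = ipaddress.ip_network("10.1.1.0/24")      # server subnet behind the router
REMOTE = ipaddress.ip_network("192.168.50.0/24")   # subnet reached over the IPsec tunnel
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Static routes per device as (destination prefix, next hop).
ROUTES = {
    # OUTBOUND: tunnel subnets to the concentrator, everything else to the PIX.
    "router": [(SERVERS, "servers"), (REMOTE, "concentrator"), (DEFAULT, "pix")],
    # INBOUND: both edge devices reach the server subnet through the router.
    "pix": [(SERVERS, "router"), (DEFAULT, "internet")],
    "concentrator": [(SERVERS, "router"), (REMOTE, "tunnel")],
}


def next_hop(device, dst):
    """Longest-prefix match over one device's static routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in ROUTES[device] if addr in net]
    if not matches:
        raise LookupError(f"{device} has no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(first_hop, dst, max_hops=8):
    """Follow next hops until the packet leaves the modelled devices."""
    path = [first_hop]
    while path[-1] in ROUTES:
        if len(path) > max_hops:
            raise RuntimeError("routing loop: " + " -> ".join(path))
        path.append(next_hop(path[-1], dst))
    return path


if __name__ == "__main__":
    remote_host, internet_host, server = "192.168.50.10", "203.0.113.7", "10.1.1.20"
    print("server -> remote  ", trace("router", remote_host))
    print("server -> internet", trace("router", internet_host))
    print("tunnel -> server  ", trace("concentrator", server))
    print("internet -> server", trace("pix", server))
    # Flat design: servers default straight to the PIX, which has no tunnel route.
    print("flat, server -> remote", trace("pix", remote_host))
```

The last trace is the case the per-subnet route add statements worked around: with the PIX as the servers' default gateway, traffic for the tunnel subnet follows the PIX's default route and never reaches the concentrator.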