G
Guest
Hello,
I have the following topology:
_______________________
| |
| VPN Clients |
|______________________|
192.168.0.x
| | |
| | |
| | |
192.168.0.100
_______________________
| |
|Cisco VPN Concentrator |
|______________________|
172.16.2.100
|
|
|
172.16.2.200
______________________
| |
| Cisco PIX Firewall |--- Internet
|_____________________|
172.16.30.200
|
|
|
172.16.30.150
______________________
| |
| ISA Firewall |
|_____________________|
|
|
|
Internet
- At the Cisco Pix Firewall the default gateway is the Internet
- At the ISA Server the default gateway is the Internet
- At the Cisco VPN COncentrator I want to add the following route:
route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.2.200
- At the Cisco PIX Firewall I want to add the following route:
route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.30.150
After I add these two routes can I add the following route at the Cisco VPN
Concentrator?:
route to 0.0.0.0 mask 0.0.0.0 gateway 172.16.30.150
With this route I will set the Cisco VPN Concentrator default gateway to the
IP address interface at the ISA Server.
The default gateway is on a different subnet but, with the 2 routes
explained above, the Cisco VPN Concentrator will know the path to the
interface at the ISA Server.
I want to do this, because VPN Clients must be ISA NAT Clients and must
connect to the Intern trough the ISA and not trough the PIX.
Thanks
Duarte S.
PS - I know that I will need to add more routes, because the replies must
know how to go from the ISA to the VPN Clients. I didn´t explain these routes
here because they are not relevant to the main question: Can I have a default
gateway on a different subnet if I add the necessary routes to that gateway?
I have the following topology:
_______________________
| |
| VPN Clients |
|______________________|
192.168.0.x
| | |
| | |
| | |
192.168.0.100
_______________________
| |
|Cisco VPN Concentrator |
|______________________|
172.16.2.100
|
|
|
172.16.2.200
______________________
| |
| Cisco PIX Firewall |--- Internet
|_____________________|
172.16.30.200
|
|
|
172.16.30.150
______________________
| |
| ISA Firewall |
|_____________________|
|
|
|
Internet
- At the Cisco Pix Firewall the default gateway is the Internet
- At the ISA Server the default gateway is the Internet
- At the Cisco VPN COncentrator I want to add the following route:
route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.2.200
- At the Cisco PIX Firewall I want to add the following route:
route to 172.16.30.150 mask 255.255.255.255 gateway 172.16.30.150
After I add these two routes can I add the following route at the Cisco VPN
Concentrator?:
route to 0.0.0.0 mask 0.0.0.0 gateway 172.16.30.150
With this route I will set the Cisco VPN Concentrator default gateway to the
IP address interface at the ISA Server.
The default gateway is on a different subnet but, with the 2 routes
explained above, the Cisco VPN Concentrator will know the path to the
interface at the ISA Server.
I want to do this, because VPN Clients must be ISA NAT Clients and must
connect to the Intern trough the ISA and not trough the PIX.
Thanks
Duarte S.
PS - I know that I will need to add more routes, because the replies must
know how to go from the ISA to the VPN Clients. I didn´t explain these routes
here because they are not relevant to the main question: Can I have a default
gateway on a different subnet if I add the necessary routes to that gateway?