next hop for a static route - with an IPSEC tunnel

Jun 18th, 2007

Hi,


I have a general question about static routes through an IPsec tunnel... we tried a next hop for the static route being the other end of the IPsec tunnel... it didn't get entered into the IP routing table. Then we made the next hop the interface which the crypto map is applied to... this kinda worked (at least this time the static route made it into the routing table).


Do you have any guidelines or info regarding the next hop for a static route for which the destination is the IPsec peer?


Much thanks.

Lisa G

Overall Rating: 5 (2 ratings)
dominic.caron Tue, 06/19/2007 - 10:13

Hi!


If you are using IPSec tunnels (no GRE)... routes are not mandatory...


Let's say that you've got a router at site 1 and a router at site 2. Those sites are linked by the internet (ISP). The default route on those 2 routers points to the ISP. In that case, you don't need to have a static route to the other network. You'll use a static route to force traffic to go through an interface where your crypto map is applied if it's not already the default behavior.


The crypto ACL will decide what goes across the VPN tunnel, and the ACL must match (reversed) on each side of the tunnel. Also, make sure you don't NAT the traffic between the two sites if you really don't need to.
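
The reply's point that the crypto ACL must be reversed on each side can be checked mechanically. The following is an added example, not part of the original post: it parses `permit ip` entries from each peer's crypto ACL and reports entries that have no mirrored counterpart on the other side. The addresses, ACL number 101 and function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample crypto ACLs (addresses and ACL number are assumptions).
SITE1_ACL = """
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 101 permit ip 10.1.5.0 0.0.0.255 10.2.2.0 0.0.0.255
"""
SITE2_ACL = """
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

ACE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(.+)$")

def _take_network(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'addr wildcard'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = tokens.pop(0)
    # ip_network accepts a host mask (the IOS wildcard) after the slash.
    return ipaddress.ip_network(f"{first}/{wildcard}")

def parse_crypto_acl(text):
    """Return the set of (source, destination) networks from permit ip entries."""
    pairs = set()
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m:
            tokens = m.group(1).split()
            src = _take_network(tokens)
            dst = _take_network(tokens)
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_text, remote_text):
    """Entries on either side with no reversed counterpart on the peer."""
    local = parse_crypto_acl(local_text)
    remote = parse_crypto_acl(remote_text)
    reversed_remote = {(dst, src) for src, dst in remote}
    return {
        "missing_on_remote": sorted(local - reversed_remote),
        "missing_on_local": sorted(reversed_remote - local),
    }
```

With the sample input, the second site 1 entry (10.1.5.0/24 to 10.2.2.0/24) is reported as missing on the remote peer, which is the kind of mismatch that leaves one direction of traffic outside the tunnel.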


