Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1201
Views
10
Helpful
1
Replies

next hop for a static route - with an IPSEC tunnel

lgontarsk
Level 1
Level 1

‎06-18-2007 10:13 AM - edited ‎02-21-2020 03:06 PM

Hi,

I have a general question about static routes through an IPSEC tunnel... we tried a next hop for the static route being the other end of the IPsec tunnel... it didn't get entered into the ip routing table. then we made the next hop the interface which the crypto map is applied to.... this kinda worked (at least this time the static route made it into the routing table).

Do you have any guidelines or info regarding the next hop for a static route for which the destination is the IPSEC peer?

Much thanks.

Lisa G

Labels:
0 Helpful
1 Reply 1

dominic.caron
Level 5
Level 5

‎06-19-2007 10:13 AM

Hi!

If you are using IPSec tunnels(no gre)...routes are not mandatory...

Let's say that you've got a router at site 1 and a router at site 2. Those site are linked by the internet(ISP). The default route on those 2 router point to the ISP. In that case, you dont need to have a static route to the other network. You'll use static to force trafic to go tru a interface where your crypto-map is applied if it's not already the default behavior.

The Crypto ACL will decide what goes accross the VPN tunnel and the ACL must match(reverse) on each side of the tunnel. Also, make sure you dont NAT the trafic between the two site if you realy dont need to.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents