Problems adding routing routes

Jul 9th, 2007
Hi,


I have a Cisco 2821 router. This router has an ADSL WIC and an LMDS connection using the second gigabit port.


Now, there is a default route configured: ip route 0.0.0.0 0.0.0.0 83.x.x.x permanent


With this configuration it works fine.

There are several VPN IPsec tunnels running properly, but if I change the route to ip route 192.168.157.0 255.255.255.0 83.x.x.x permanent it does not work.


Then I need to configure the routing for:

using the ADSL WIC for internet & NAT and then the static routes for the VPN IPsec tunnels


What can I do?


Best regards



Jon Marshall Mon, 07/09/2007 - 05:10
Hi Edgar


Could you post a bit more detail on your setup?


If the tunnels are site-to-site VPN tunnels you do not need static routes on the router as the crypto access-list will tell the router whether or not it needs to encrypt the traffic.


Jon

edgar-quintana Mon, 07/09/2007 - 05:12
Hi,



Thanks for the fast response.


Yes, they are site-to-site VPN IPsec tunnels.

Correct Answer
Jon Marshall Mon, 07/09/2007 - 05:28
Edgar


If they are site-to-site VPN tunnels you do not need static routes for the VPN tunnels. The access-lists you define for use in the crypto map define the local and remote networks, i.e.


ip access-list extended vpntraffic
 permit ip 10.5.1.0 0.0.0.255 192.168.5.0 0.0.0.255


If the route receives a packet from 10.5.1.x destined for a 192.168.5.x machine it knows it has to send this traffic down the VPN tunnels. It does not need a static route.


HTH


Jon

Jon Marshall Mon, 07/09/2007 - 05:33
Edit


If the route receives a packet from 10.5.1.x destined ...


should read


If the router receives a packet from 10.5.1.x destined ...



Jon

edgar-quintana Mon, 07/09/2007 - 05:35
OK...



Then there are two questions to answer:


The 2821 has two NICs: one for line backup if it fails, and the second one, an ADSL WIC, for internet and NAT.


1. How to configure the routing for backup (IPsec tunnels are already configured)?


2. How to configure the routing for NAT and internet browsing?

Jon Marshall Mon, 07/09/2007 - 05:54
Edgar


1) If you are using a static default route you can use another default route with a higher administrative distance, called a floating static, e.g.


If your primary link gateway is 83.10.1.1

your secondary link gateway is 84.10.1.1


ip route 0.0.0.0 0.0.0.0 83.10.1.1

ip route 0.0.0.0 0.0.0.0 84.10.1.1 250


The second route will only be used if the first disappears.


2) Not entirely clear. Are you asking how you would do the NAT in a failover scenario?


Jon
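
A small Python model of the forwarding decision discussed in the replies above, added here as an illustration and not posted by any participant: the router picks a route first (longest prefix, then lowest administrative distance), and only then checks the crypto ACL on the chosen egress interface. Assumptions: the interface names `primary` and `backup` are hypothetical, the crypto map is applied on both, and a route whose next hop is down is treated as withdrawn.

```python
import ipaddress

# Constructed sample data. Gateways and subnets are the ones used in the replies
# above; the interface names "primary" and "backup" are hypothetical.
ROUTES = [
    {"prefix": "0.0.0.0/0", "gw": "83.10.1.1", "ad": 1, "iface": "primary"},
    {"prefix": "0.0.0.0/0", "gw": "84.10.1.1", "ad": 250, "iface": "backup"},  # floating static
]
# Same gateway, but only one specific prefix and no default route.
SPECIFIC_ONLY = [
    {"prefix": "192.168.157.0/24", "gw": "83.10.1.1", "ad": 1, "iface": "primary"},
]
CRYPTO_ACL = [("10.5.1.0/24", "192.168.5.0/24")]  # (local net, remote net)
CRYPTO_IFACES = {"primary", "backup"}              # assumed: crypto map applied on both

def best_route(routes, dst, up_gateways):
    """Longest prefix wins; on a tie the lowest administrative distance wins.
    A route whose next hop is down is treated as withdrawn (simplification)."""
    dst = ipaddress.ip_address(dst)
    usable = [r for r in routes
              if r["gw"] in up_gateways and dst in ipaddress.ip_network(r["prefix"])]
    if not usable:
        return None
    return min(usable, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen, r["ad"]))

def forward(routes, src, dst, up_gateways):
    """Route lookup first, then the crypto ACL check on the egress interface."""
    route = best_route(routes, dst, up_gateways)
    if route is None:
        return "drop: no route"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    protected = any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
                    for local, remote in CRYPTO_ACL)
    if protected and route["iface"] in CRYPTO_IFACES:
        return "encrypt via " + route["iface"]
    return "plaintext via " + route["iface"]

if __name__ == "__main__":
    both_up = {"83.10.1.1", "84.10.1.1"}
    print(forward(ROUTES, "10.5.1.10", "192.168.5.20", both_up))         # tunnel traffic
    print(forward(ROUTES, "10.5.1.10", "192.168.5.20", {"84.10.1.1"}))   # primary link down
    print(forward(ROUTES, "10.5.1.10", "198.51.100.7", both_up))         # not in crypto ACL
    print(forward(SPECIFIC_ONLY, "10.5.1.10", "192.168.5.20", both_up))  # no covering route
```

The third case is the one to check when auditing a configuration: traffic that misses the crypto ACL still leaves the interface, unencrypted.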

edgar-quintana Mon, 07/09/2007 - 07:20
This is the situation:



A Cisco 2821 with two gigabit ports and an ADSL WIC.


The ADSL WIC is only for backing up the tunnels.



If the tunnels don't need routes added, the backup tunnels would not need them either?



edgar-quintana Mon, 07/09/2007 - 13:47
This is the configuration.


There are 2 static routes.


The tunnels only work if there is a default route configured...


Is it possible to enable both?


