Problems adding routing routes

edgar-quintana
Level 1

Hi,

I have a Cisco 2821 router. This router has an ADSL WIC and an LMDS connection using the second gigabit port.

Now, there is a default route configured: ip route 0.0.0.0 0.0.0.0 83.x.x.x permanent.

With this configuration it works fine.

There are several IPsec VPN tunnels running properly, but if I change the route to ip route 192.168.157.0 255.255.255.0 83.x.x.x permanent it does not work.

Then I need to configure the routing for:

using the ADSL WIC for internet & NAT and then the static routes for the IPsec VPN tunnels

What can I do?

Best regards

9 Replies

Jon Marshall
Hall of Fame

Hi Edgar

Could you post a bit more detail on your setup?

If the tunnels are site-to-site VPN tunnels you do not need static routes on the router as the crypto access-list will tell the router whether or not it needs to encrypt the traffic.

Jon

Hi,

Thanks for the fast response.

Yes, they are site-to-site IPsec VPN tunnels.

Edgar

If they are site-to-site VPN tunnels you do not need static routes for the VPN tunnels. The access-lists you define for use in the crypto map define the local and remote networks, i.e.

access-list vpntraffic permit ip 10.5.1.0 255.255.255.0 192.168.5.0 255.255.255.0

If the route receives a packet from 10.5.1.x destined for a 192.168.5.x machine it knows it has to send this traffic down the VPN tunnels. It does not need a static route.

HTH

Jon

Edit

If the route receives a packet from 10.5.1.x destined ...

should read

If the router receives a packet from 10.5.1.x destined ...

Jon

OK...

Then there are two questions to answer:

The 2821 has two NICs: one for line backup if it fails, and the second one, the ADSL WIC, for internet and NAT.

1? How to configure the routing for backup (IPsec tunnels are already configured)

2? How to configure the routing for NAT and internet browsing

Edgar

1) If you are using a static default route you can use another default route with a higher administrative distance - called a floating static, e.g.

If your primary link gateway is 83.10.1.1

your secondary link gateway is 84.10.1.1

ip route 0.0.0.0 0.0.0.0 83.10.1.1

ip route 0.0.0.0 0.0.0.0 84.10.1.1 250

The second route will only be used if the first disappears.

2) Not entirely clear. Are you asking how you would do the NAT in a failover scenario?

Jon
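
The two points in the replies above (the crypto access-list selects which traffic is encrypted, and a floating static with administrative distance 250 takes over when the primary default route disappears) can be checked with a small model. This is an added example, not part of the original thread and not Cisco code; it assumes the routing lookup happens before the crypto access-list check, that the crypto map is applied on both uplinks, and the sample packets are constructed.

```python
import ipaddress

# Crypto access-list from the thread: (local network, remote network).
CRYPTO_ACL = [("10.5.1.0/24", "192.168.5.0/24")]

# (prefix, next hop, administrative distance), using the thread's example gateways.
ROUTES = [
    ("0.0.0.0/0", "83.10.1.1", 1),    # primary default route
    ("0.0.0.0/0", "84.10.1.1", 250),  # floating static (backup)
]

def matches_crypto_acl(src, dst, acl=CRYPTO_ACL):
    """True when the packet's source and destination fall in a protected pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in acl)

def best_route(dst, routes=ROUTES, down=()):
    """Longest prefix wins; on a tie the lowest administrative distance wins.
    Routes whose next hop is listed in `down` are treated as withdrawn."""
    d = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), nh, ad) for p, nh, ad in routes
                  if nh not in down and d in ipaddress.ip_network(p)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))

def forward(src, dst, routes=ROUTES, down=()):
    """Return (action, next hop): 'encrypt', 'clear', or 'drop' with no route."""
    route = best_route(dst, routes, down)
    if route is None:
        return ("drop", None)
    action = "encrypt" if matches_crypto_acl(src, dst) else "clear"
    return (action, route[1])

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    for src, dst in [("10.5.1.20", "192.168.5.9"), ("10.5.1.20", "198.51.100.7")]:
        print(src, "->", dst, forward(src, dst))
    print("primary down:", forward("10.5.1.20", "192.168.5.9", down=("83.10.1.1",)))
    print("no routes:   ", forward("10.5.1.20", "192.168.5.9", routes=[]))
```

With an empty routing table the model returns a drop even for traffic that matches the crypto access-list, which matches the behaviour reported later in the thread when the default route is removed.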

This is the situation:

A Cisco 2821 with two gigabit ports and an ADSL WIC.

The ADSL WIC is only for backing up the tunnels.

If the tunnels don't need added routes, the backup tunnels would not need them either?

This is the configuration.

There are 2 static routes.

The tunnels only work if there is a default route configured...

Is it possible to enable both?

I tried to delete the default route but it does not work.
