which route add?

Unanswered Question
Jul 16th, 2007

Hi,

Which would be the routing configuration if the cisco 2821 has two gigabitethernet ports configured with addresses

192.168.156.254 (LAN)

83xxxxxxxxxxxxxx (connected to the lmds device)

several ipsec tunnels configured.

The problem is that I do not want to use the default routing configuration (0.0.0.0 0.0.0.0 83xxxxxx)

I want to have only one static permanent route for each tunnel.

best regards

Amit Singh Mon, 07/16/2007 - 08:50

Please paste your router configuration and we will suggest accordingly.

-amit singh

spremkumar Tue, 07/17/2007 - 01:21

Hi Edgar

If your remote destinations are reachable via the single gateway ip then you can have a single route (default route) pointing via the host ip...

But if your vpn peers are not reachable via the gateway then you need to have different set of static routes pointing towards the gateway through which it can be reached.

If this doesn't solve your purpose do post more on the requirement you have in place and also possible placements of your remote vpn peers..

regds

edgar-quintana Tue, 07/17/2007 - 03:39

Hi,

I need to use static routes, not a default route, because I need to use the default one for another wic.

Jon Marshall Tue, 07/17/2007 - 04:34

Hi Ed

Are you saying that your IPSEC peers are via a different link than your normal internet connection?

You do not need routes for the remote network in an IPSEC configuration; however, if the peer addresses are reachable via a different interface then you need to just add individual statics on your router, e.g.

ip route "peer address" 255.255.255.255 "next hop"

HTH

Jon

edgar-quintana Tue, 07/17/2007 - 04:52

Ok

Then, summarizing ...

There are 3 ipsec site to site tunnels configured.

192.168.157.0

192.168.154.0

192.168.155.0

My lan is under the gigabitethernet0/0 with address 192.168.156.0

The gigabitethernet0/1 has ip address 83.xxx and routes all to the lmds device connected to this giga port.

Now there is a static route ip route 0.0.0.0 0.0.0.0 83.175.212.225 permanent and works fine but,

if I add 192.168.157.0 255.255.255.0 83.175.212.225 permanent.. and more for the rest...

It does not work ...

PCs have static routes like this...

route add -p 192.168.157.0 mask 255.255.255.0 192.168.156.254 (the router ip address)

Where is the problem?

I do not want to use default route only specified.

Best regards

Jon Marshall Tue, 07/17/2007 - 05:05

Ed

Please bear with me because I think I might be having one of those days :)

You don't need static routes for your remote subnets with IPSEC tunnels. Why do you need to add a route for the remote subnet pointing to the same next hop as the default route?

Jon

edgar-quintana Tue, 07/17/2007 - 05:12

I will add an adsl wic with default route for internet browsing... and the existing gigaport for lmds tunnels

Jon Marshall Tue, 07/17/2007 - 05:19

Ed

If you add an adsl wic for internet browsing and the tunnels still go via the gigabit connection, then you need to add static routes for the remote peers, not the remote subnets, pointing out the gigabit interface.

Does this make sense ?

Jon

edgar-quintana Tue, 07/17/2007 - 05:25

Then..

What will be the solution?

Adding 3 static routes (one for each tunnel)

ip route peer_address 255.255.255.255 83.175.212.225 permanent

???

Jon Marshall Tue, 07/17/2007 - 05:30

Ed

Yes, just add routes for the remote peers and leave your default route pointing to the internet gateway.

Jon

Jon Marshall Tue, 07/17/2007 - 05:43

Ed

You will still need your default route for all non tunnel traffic.

Jon

edgar-quintana Tue, 07/17/2007 - 05:49

Aha, but suppose that I only want tunnel traffic.. is it always necessary to define a default route?

Jon Marshall Tue, 07/17/2007 - 05:56

Ed

No, if you only want to tunnel traffic it isn't. But then if you only want to tunnel traffic then why bother with static routes for each peer address, you could just use the default route. Unless of course the remote peers are reachable via different next hops.

HTH

Jon

edgar-quintana Tue, 07/17/2007 - 06:33

Ok

Then

I'll install the adsl wic and give it the default route.. and configure ip route ipeer 255.255.255.255 next hop

One question... when you add a static route for a public address, would the mask be 255.255.255.255?

edgar-quintana Tue, 07/17/2007 - 06:43

Well.... I'll try to install the wic configured as atm0/0/1 point to point with default route through this interface and then static routes with peer and next hop lmds

edgar-quintana Tue, 07/17/2007 - 13:34

I have added a default route for atmo01 interface and for vpn tunnels..

ip route 192.168.157.0 255.255.255.0 83.175.212.225 permanent

ip route 80.xxx 255.255.255.255 83.175.212.225 permanent

The sdm software told me to add both routes to peer and to ip lan addresses
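
An added example, not part of the thread and not anyone's router configuration: a small longest-prefix-match model of the routing table discussed above, showing which interface traffic to the IPsec peer and to a remote LAN leaves by once the default route moves to the ADSL WIC. It assumes the tunnels use a crypto map on the LMDS-facing gigabit port (a crypto map only sees packets routed out the interface it is applied to); the peer address 203.0.113.10, the host 192.168.157.20 and the interface names are constructed stand-ins.

```python
import ipaddress

# Constructed values: 203.0.113.10 stands in for the elided 80.xxx peer;
# interface names and the crypto-map placement are assumptions.
CRYPTO_IF = "Gi0/1"             # LMDS-facing port, assumed to carry the crypto map
PEER = "203.0.113.10"
REMOTE_HOST = "192.168.157.20"  # a host behind the first tunnel

def lookup(table, dst):
    """Longest-prefix match; returns (network, egress) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best

def audit(table):
    """Say whether peer and remote-LAN traffic reach the crypto-map interface."""
    result = {}
    for label, dst in (("peer", PEER), ("remote_lan", REMOTE_HOST)):
        hit = lookup(table, dst)
        if hit is None:
            result[label] = "unroutable"
        elif hit[1] == CRYPTO_IF:
            result[label] = "ok"
        else:
            result[label] = "wrong egress " + hit[1]
    return result

# Default route moved to the ADSL WIC, then the statics added one at a time.
ADSL_DEFAULT = [("0.0.0.0/0", "ATM0/0/1")]
WITH_PEER = ADSL_DEFAULT + [(PEER + "/32", CRYPTO_IF)]
WITH_PEER_AND_LAN = WITH_PEER + [("192.168.157.0/24", CRYPTO_IF)]
TUNNEL_ONLY = WITH_PEER_AND_LAN[1:]   # no default route at all

if __name__ == "__main__":
    for name, table in (("default via ADSL only", ADSL_DEFAULT),
                        ("+ peer /32", WITH_PEER),
                        ("+ remote LAN /24", WITH_PEER_AND_LAN),
                        ("statics only, no default", TUNNEL_ONLY)):
        print(name, audit(table))
```

With only the peer /32 added, traffic for 192.168.157.0/24 still follows the default route out the ADSL interface and never meets the crypto map, which is the case the second static route covers.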
