IP routing question for a VPN

Unanswered Question
Jan 31st, 2008
I have a VPN up & running, which connects to another company. I would like to put in a static route in my router with a destination of one of the subnets on their network.

What should I use as the next hop for the static route... their end of the IPsec tunnel? (which is reached over the internet)


Overall Rating: 5 (2 ratings)
srue Thu, 01/31/2008 - 08:04

You need to add their destination to your crypto ACL. Is your VPN device the default gateway on your network? All you need to do for routing is make sure traffic destined for the remote network gets to your VPN device. The crypto ACL will take care of the rest. The crypto ACL on the other company's peer will also need to be modified.

lgontarsk Thu, 01/31/2008 - 08:07
The destination is in the crypto ACL. The problem is that the destination network is not known in our network, and the default route for other devices (not the one the crypto ACL is on) is in a different direction than towards the ISP & internet.

So I thought I'd add a static route to the destination network which will be redistributed into our internal EIGRP.


Lisa G

ajagadee Thu, 01/31/2008 - 08:05
User Badges: Cisco Employee

I am assuming that you are talking about the router on which you terminate your VPN connections. If there is already a default route configured, then you don't really need to add a static route. Just make sure that your internal devices know that they need to send the packets to the VPN router to send them across the tunnel, and the VPN router should look up its routing table and follow the default route to reach the peer.

Can you post a copy of your configuration, so we can take a look at it and assist you?



** Please rate all helpful posts **

lgontarsk Thu, 01/31/2008 - 08:09
Thanks, I think I'm good to go.

I just needed to make sure that the correct next hop for the destination would be the IPsec peer, and that putting in a static route to a destination with the IPsec peer as the next hop won't interfere with the crypto ACL in any way.

Thanks for your assistance!
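
The setup discussed in this thread, as an added configuration sketch in Cisco IOS syntax (not posted by any participant and not the poster's actual configuration). Every address, name and the EIGRP AS number is a placeholder assumption; ISAKMP policy and keys are omitted because the tunnel is already up.

```cisco
! Constructed example. Placeholder values (assumptions, not from the thread):
!   10.1.0.0/16    local internal networks
!   10.20.30.0/24  subnet at the partner company
!   192.0.2.2      local outside address, 192.0.2.1 = ISP next hop
!   198.51.100.10  partner's IPsec peer
!
! Crypto ACL: selects which traffic is encrypted. The partner's peer
! needs the mirror-image entry (source and destination swapped).
ip access-list extended PARTNER-CRYPTO
 permit ip 10.1.0.0 0.0.255.255 10.20.30.0 0.0.0.255
!
crypto ipsec transform-set PARTNER-TS esp-aes 256 esp-sha-hmac
!
crypto map PARTNER-MAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set PARTNER-TS
 match address PARTNER-CRYPTO
!
interface GigabitEthernet0/0
 description Outside, towards ISP
 ip address 192.0.2.2 255.255.255.252
 crypto map PARTNER-MAP
!
! Existing default route on the VPN router.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Static route for the partner subnet with the IPsec peer as next hop.
! The peer is not directly connected, so the router resolves it through
! the default route and the packet leaves via the outside interface,
! where the crypto map (and its ACL) is evaluated.
ip route 10.20.30.0 255.255.255.0 198.51.100.10
!
! Redistribute only the partner subnet into EIGRP. Without the route-map,
! "redistribute static" would also advertise the static default route.
ip prefix-list PARTNER-NETS seq 5 permit 10.20.30.0/24
!
route-map STATIC-TO-EIGRP permit 10
 match ip address prefix-list PARTNER-NETS
!
router eigrp 100
 redistribute static route-map STATIC-TO-EIGRP metric 10000 100 255 1 1500
```

On the VPN router, `show ip route 10.20.30.0` should list the static route, and `show crypto ipsec sa` should show the encapsulation counters increasing when internal hosts send traffic to the partner subnet.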

