Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
10
Helpful
4
Replies

IP routing question for a VPn

lgontarsk
Level 1
Level 1

‎01-31-2008 07:49 AM - edited ‎02-21-2020 03:31 PM

Hi,

I have a VPN up & running, which connects to another company. I would like to put in a static route in my router with a destination of one of the subnets on their network.

What should I use as the next hop for the static route... their end of the IPsec tunnel? (which is reached over the internet)

Thanks!!!

Labels:
0 Helpful
4 Replies 4

srue
Level 7
Level 7

‎01-31-2008 08:04 AM

you need to add their destination to your crypto ACL. Is your vpn device the default gateway on your network? All you need to do for routing is make sure traffic destined for the remote network gets to your vpn device. the crypto acl will take care of the rest. The crypto acl on the other company's peer will also need modified.

lgontarsk
Level 1
Level 1
In response to srue

‎01-31-2008 08:07 AM

Thanks.

The destination is in the Crypto ACl. The problem is that the destination network is not known in our network and the default route for other devices (not the one the crypto ACL is on) is in a different direction than towards the ISP & internet.

So I thought i'd add a static route to the destination network which will be redistributed into our internal EIGRP.

Thanks!

Lisa G

0 Helpful

ajagadee
Cisco Employee
Cisco Employee

‎01-31-2008 08:05 AM

I am assuming that you are talking about the router that you terminate your VPN Connections. If there is already a default route configured, then you dont really need to add a static route. Just make sure that your internal devices know that they need to send the packets to the VPN Router to send it across the tunnel and the VPN Router should look up in its routing table and follow the default route to reach the PEER.

Can you post a copy of your configuration, so we can take a look at it and assist you.

Regards,

Arul

** Please rate all helpful posts **

lgontarsk
Level 1
Level 1
In response to ajagadee

‎01-31-2008 08:09 AM

Thanks I think I'm good to go.

I just needed to make sure that the correct next hop for the dest would be the IPSEC peer, and that putting in a static route to a destination with the IPSEc peer as the next hop won't interfere with the Crypto ACl in any way.

Thanks for your assistance!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents