How to check ALL routing table (also the VPN routing table)

Unanswered Question
Apr 2nd, 2009

Hi,

Is there a CLI command to check all the routing tables, including the IPSEC L2L ones? (If I need to configure a new L2L VPN or a new route, I need to check the whole configuration!)

With "sh ip route" I cannot see the VPN IPSEC L2L routes (or the C2L routes).

Thanks to all.

John Blakley Thu, 04/02/2009 - 13:34

You're wanting to see what traffic is allowed over your tunnels? "sh ip route" will only show the routes that your router knows about, and it won't know about the routes that the other router knows about (unless you're running a routing protocol over a GRE tunnel).

You can use "sh crypt ipsec" and it will show you what networks are allowed through the tunnel.

Otherwise, there's not a command that I'm aware of that will do what you're asking. (If there is, I'm drawing a blank.)

HTH,

John

c.captari Thu, 04/02/2009 - 23:12

If you want to have such visibility, you need to implement IPSEC with Virtual Tunnel Interfaces.

IP security (IPsec) virtual tunnel interfaces (VTIs) provide a routable interface type for terminating IPsec tunnels and an easy way to define protection between sites to form an overlay network. IPsec VTIs simplify configuration of IPsec for protection of remote links, support multicast, and simplify network management and load balancing.

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ipsec_virt_tunnl_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Otherwise, if you stick to your existing conf and want to see what is in the encryption domain:

show crypto ipsec sa
