
How to check ALL routing table (also the VPN routing table)

ROBERTO TACCON
Level 4

Hi,

Is there a CLI command to check all the routing tables, including the IPsec L2L ones? (If I need to configure a new L2L VPN or a new route, I need to check the whole configuration!)

With "sh ip route" I cannot see the IPsec L2L VPN routes (or the C2L routes).

Thanks to all.

2 Replies

John Blakley
VIP Alumni

You're wanting to see what traffic is allowed over your tunnels? "sh ip route" will only show the routes that your router knows about, and it won't know about the routes that the other router knows about (unless you're running a routing protocol over a GRE tunnel).

You can use "sh crypt ipsec" and it will show you what networks are allowed through the tunnel.

Otherwise, there's not a command that I'm aware of that will do what you're asking. (If there is, I'm drawing a blank.)

HTH,

John


c.captari
Level 1

If you want to have such a visibility you need to implement IPSEC with Virtual Tunnel Interfaces.

IP security (IPsec) virtual tunnel interfaces (VTIs) provide a routable interface type for terminating IPsec tunnels and an easy way to define protection between sites to form an overlay network. IPsec VTIs simplify configuration of IPsec for protection of remote links, support multicast, and simplify network management and load balancing.

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ipsec_virt_tunnl_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Otherwise, if you stick to your existing conf and want to see what is in the encryption domain:

show crypto ipsec sa
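
Added example, not part of the original thread: a small parser that pulls the encryption domains (local/remote ident pairs per peer) out of saved `show crypto ipsec sa` output and checks whether a planned remote network overlaps an existing tunnel. The sample output and all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `show crypto ipsec sa` output (documentation/private ranges).
SAMPLE = """\
interface: GigabitEthernet0/0
    Crypto map tag: CMAP, local addr 203.0.113.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 198.51.100.2 port 500
    #pkts encaps: 10, #pkts encrypt: 10, #pkts digest: 10

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
   current_peer 192.0.2.9 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident \(addr/mask/prot/port\): "
                   r"\((\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)/\d+/\d+\)")
PEER = re.compile(r"^\s*current_peer:?\s+(\S+)")

def parse_encryption_domains(text):
    """Return [(peer, local_net, remote_net)] from `show crypto ipsec sa` text."""
    domains, ident = [], {}
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            # addr/mask is accepted directly by ipaddress (netmask form)
            ident[m.group(1)] = ipaddress.ip_network(
                f"{m.group(2)}/{m.group(3)}", strict=False)
            continue
        m = PEER.match(line)
        if m and {"local", "remote"} <= ident.keys():
            domains.append((m.group(1), ident["local"], ident["remote"]))
            ident = {}
    return domains

def conflicts(domains, new_remote):
    """Existing entries whose remote network overlaps a planned remote network."""
    new_net = ipaddress.ip_network(new_remote)
    return [d for d in domains if d[2].overlaps(new_net)]

if __name__ == "__main__":
    doms = parse_encryption_domains(SAMPLE)
    for peer, local, remote in doms:
        print(f"{peer}: {local} <-> {remote}")
    print("overlaps:", conflicts(doms, "172.16.5.0/24"))
```

This only sees tunnels that appear in the SA output; compare the result with "sh ip route" separately, since crypto-map encryption domains are not in the routing table.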
