07-08-2009 09:08 AM - edited 03-11-2019 08:52 AM
I have a VPN set up between sites; however, traffic is following a static route on the firewall rather than the established VPN path.
Can I change priority/force the traffic to cross the VPN instead of the static route?
I cannot delete the static route as it is needed for something else.
07-08-2009 09:23 AM
I don't believe changing the administrative distance on the static route will matter, as the ASA will always route before it checks the crypto ACLs.
Do the networks in your static route match the networks in your crypto ACL? Can you be more specific with one or the other?
07-08-2009 12:01 PM
Mike,
As Adam mentioned, more detail on your setup would be helpful.
To change the priority of the routes, you would need to make the route that the VPN traffic should be taking more specific than the static route they are currently taking. For example, if the traffic is currently following a 10.0.0.0/8 route, you might configure a 10.0.1.0/24 route on the interface that you want the VPN traffic to take.
Hope that helps.
-Mike
07-09-2009 08:22 AM
Hi, thanks for your replies.
The VPN crypto map matches 10.102.1.0/24 going to 10.101.1.0/24.
However, there is also a general static route in place for 10.101.0.0/16, which is to an alternate VPN server.
I would have thought the VPN established path would take precedence over any static route?
But from using packet tracer I can see the traffic is not even touching or acknowledging the VPN path.
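An added example, not part of any poster's reply: a simplified model of the order of operations discussed in this thread, where the route lookup (longest-prefix match) picks the egress interface first and only the crypto ACL bound to that interface is then checked. The prefixes come from the thread; the interface names `outside` and `dmz`, the host addresses, and the assumption that the /16 static route leaves through a different interface than the crypto map are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption): egress interface is chosen by longest-prefix
# match, then only the crypto ACL bound to that interface is evaluated.

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup_route(routes, dst):
    """Return the most specific route containing dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r["prefix"]]
    return max(matches, key=lambda r: r["prefix"].prefixlen, default=None)

def forward(routes, crypto_maps, src, dst):
    """Return (egress interface, 'encrypted' | 'clear' | 'no route')."""
    route = lookup_route(routes, dst)
    if route is None:
        return (None, "no route")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for acl_src, acl_dst in crypto_maps.get(route["iface"], []):
        if s in acl_src and d in acl_dst:
            return (route["iface"], "encrypted")
    return (route["iface"], "clear")

# Constructed sample data: prefixes from the thread, interface names hypothetical.
ROUTES = [{"prefix": net("10.101.0.0/16"), "iface": "dmz"}]
CRYPTO_MAPS = {"outside": [(net("10.102.1.0/24"), net("10.101.1.0/24"))]}
# Same table plus a more specific /24 pointing out the crypto-map interface.
FIXED_ROUTES = ROUTES + [{"prefix": net("10.101.1.0/24"), "iface": "outside"}]

if __name__ == "__main__":
    for label, table in (("before", ROUTES), ("after", FIXED_ROUTES)):
        for dst in ("10.101.1.20", "10.101.2.20"):
            print(label, dst, forward(table, CRYPTO_MAPS, "10.102.1.10", dst))
```

With the /24 added, only traffic to 10.101.1.0/24 moves to the crypto-map interface; the rest of 10.101.0.0/16 keeps following the existing static route, which therefore does not need to be deleted.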