ASA site to site VPN routing

Unanswered Question
May 20th, 2014

Hello,

We have 2 ASA's that have a site to site ipsec VPN between them.  Everything is working and users can ping and access devices on the other side.

My question is when I look in the routing table of both firewalls, routes do not show up for the other site. I was told before I took the job that EIGRP was passing through IPSec tunnel. I have read that EIGRP cannot pass over IPSec, only OSPF. Is there a way to see how traffic is getting to the far end? If I traceroute from a host device, it stars out telling me it is hitting the firewall. Shouldn't the firewall show a route to the remote site in the routing table?

 

Thanks

shine pothen Tue, 05/20/2014 - 16:49
Good to hear that your site to site is working. You will be providing a default route only to your ISP; that will be the only route. The site to site traffic is happening on the access-list which you provided: the source subnet to destination subnet.

To see how the traffic is flowing you can use the commands:

  sh cry isa sa
  sh cry ipsec sa

For the LAN part you will have the L3 doing the job. If you use GRE over IPSec then you can send the traffic over a routing protocol. I believe on an ASA it is not possible to do GRE over IPSec.
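
The behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of policy-based VPN forwarding on an ASA, where the route lookup only picks the egress interface and the crypto access-list decides what enters the tunnel. All subnets, interface names and the peer address are constructed assumptions.

```python
import ipaddress as ip

# Constructed sample data (assumptions, not from the thread).
# Routing table: connected LAN plus a default route to the ISP.
# There is no entry for the remote site's subnet.
ROUTES = [
    (ip.ip_network("10.1.0.0/24"), "inside"),
    (ip.ip_network("0.0.0.0/0"), "outside"),
]
# Crypto access-list applied on the outside interface:
# (local subnet, remote subnet, tunnel peer).
CRYPTO_ACL = [
    (ip.ip_network("10.1.0.0/24"), ip.ip_network("10.2.0.0/24"), "198.51.100.2"),
]


def egress_interface(dst):
    """Longest-prefix match over the routing table."""
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(src, dst):
    """Return (egress interface, tunnel peer or None) for one packet."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    ifc = egress_interface(dst)
    if ifc != "outside":
        return ifc, None  # the crypto map is only applied on "outside"
    for acl_src, acl_dst, peer in CRYPTO_ACL:
        if src in acl_src and dst in acl_dst:
            return ifc, peer  # matched the crypto ACL: encrypted to the peer
    return ifc, None  # no ACL match: sent in the clear via the default route


if __name__ == "__main__":
    # Remote-site traffic follows the default route, then matches the ACL.
    for s, d in [("10.1.0.10", "10.2.0.10"), ("10.1.0.10", "192.0.2.50")]:
        print(s, "->", d, forward(s, d))
```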
