01-22-2017 04:08 PM
Hi,
Why do I need a default gateway for 2 ASAs for site2site VPN to work? I do understand that if the outside interfaces of these 2 ASAs have public IPs (as they would in the real world), then I need a default gateway for those 2 ASAs.
01-23-2017 04:33 AM
In this scenario, you do not need a default gateway for the public IP addresses to reach each other, i.e., 192.168.0.20 to reach 192.168.0.30. But you need to force the traffic from 10.0.0.0/24 to 10.1.0.0/24 to hit the outside interface. The ASA triggers/initiates the VPN when it sees the interesting traffic to be encrypted. Without a default route, the 10.0.0.0/24 network does not know how to reach the 10.1.0.0/24 network. Hope this helps.
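An added example, not part of the replies in this thread: a small Python model of the order of operations described above (route lookup picks the egress interface first, and only then is the crypto map on that interface checked for interesting traffic). It goes slightly beyond the reply by also showing that a specific static route for 10.1.0.0/24 has the same effect as a default route; the interface names, the /24 mask on the outside segment and the host addresses are assumptions.

```python
import ipaddress

# Addresses are the ones in the thread; the /24 on the outside segment and the
# interface names "inside"/"outside" are assumptions for this model.
CONNECTED = [("10.0.0.0/24", "inside"), ("192.168.0.0/24", "outside")]
CRYPTO_ACL = {"outside": [("10.0.0.0/24", "10.1.0.0/24")]}  # interesting traffic


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def forward(routes, src, dst):
    """Model of the order of operations: route lookup first, crypto map second."""
    egress = lookup(routes, dst)
    if egress is None:
        return "drop: no route"  # the crypto map is never evaluated
    for s, d in CRYPTO_ACL.get(egress, []):
        if (ipaddress.ip_address(src) in ipaddress.ip_network(s)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d)):
            return f"encrypt on {egress}"
    return f"forward in clear on {egress}"


def scenarios():
    src, dst = "10.0.0.5", "10.1.0.5"  # constructed hosts in the two LANs
    default = CONNECTED + [("0.0.0.0/0", "outside")]
    specific = CONNECTED + [("10.1.0.0/24", "outside")]
    return {
        "connected only": forward(CONNECTED, src, dst),
        "default route": forward(default, src, dst),
        "specific static": forward(specific, src, dst),
        # The peers share a connected segment, so they reach each other anyway.
        "peer reachability": lookup(CONNECTED, "192.168.0.30"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} -> {result}")
```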
01-23-2017 03:18 PM
Thank you Rahul for your reply.