Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
0
Helpful
2
Replies

site to site vpn - why do I need dauflt gateway when outside interface of 2 ASA are on the same network

asmskabir.khan
Level 1
Level 1

‎01-22-2017 04:08 PM

Hi,

why do I need default gateway for 2 ASA for site2site VPN to work. I do understand if the outside interfaces of these 2 ASA have public ip (as it would be in real world), then I need default gateway for those 2 ASA.

Labels:
0 Helpful
2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni

‎01-23-2017 04:33 AM

In this scenario, you do not need default gateway for the public ip addresses to reach each other, i.e; 192.168.0.20 to reach 192.168.0.30. But you need to force the traffic from 10.0.0.0/24 to 10.1.0.0/24 to hit the outside interface. ASA triggers/initiates the VPN when it sees the interesting traffic to be encrypted. Without default route, the 10.0.0.0/24 network does not know how to reach the 10.1.0.0/24 network. Hope this helps.

0 Helpful

asmskabir.khan
Level 1
Level 1
In response to Rahul Govindan

‎01-23-2017 03:18 PM

Thank you Rahul for your reply.

0 Helpful
Customers Also Viewed These Support Documents