Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Route over Static Route

I have a VPN set up between sites, however traffic is following a static route on the firewall rather than the established VPN path?

I can I change priority/force the traffic to cross the VPN instead of the static route?

I cannot delete the static route as it is needed for something else.

3 REPLIES
Green

Re: VPN Route over Static Route

I don't believe changing the administrative distance on the static route will matter as the ASA will always route before it checks the crypto acl's.

Do the networks in your static route match the networks in your crypto acl? Can you be more specific with one or the other?

Re: VPN Route over Static Route

Mike,

As Adam mentioned, more detail on your setup would be helpful.

To change the priority of the routes, you would need to make the route that the VPN traffic should be taking more specific than the static route they are currently taking. For example, if the traffic is currently following a 10.0.0.0/8 route, you might configure a 10.0.1.0/24 route on the interface that you want the VPN traffic to take.

Hope that helps.

-Mike

New Member

Re: VPN Route over Static Route

Hi thanks for your replies.

The VPN crypto map matches 10.102.1.0 /24 going to 10.101.1.0 /24.

However there is also a general static route in place for 10.101.0.0 / 16 which is to an alternate VPN server.

I would have thought the VPN established path would take precedence over any static route?

But from using packet tracer I can see the traffic is not even touching or acknowledging the VPN path.

134
Views
0
Helpful
3
Replies