Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

Problems adding routing routes

Hi,

I've a 2821 cisco router. This router has a adsl wic and a lmds connection using the second gigabit port.

Now, there is a default route configured ip route 0.0.0.0 0.0.0.0 83.x.x.x permanent.

With this configuration works fine.

There are several vpn ipsec tunnel running properly, but, is I change the routing route to ip route 192.168.157.0 255.255.255.0 83.x.x.x permanent it does not work.

Then I need to configure the routing for:

using the wic adsl for internet&nat and then the static routes for vpn ipsec tunels

what can I do?

Best regards

  • LAN Switching and Routing
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Problems adding routing routes

Edgar

If they are site-to-site VPN tunnels you do not need static routes for the VPN tunnels. The access-lists you define for use in the crypto map define the local and remote networks ie.

access-list vpntraffic permit ip 10.5.1.0 255.255.255.0 192.168.5.0 255.255.255.0

If the route receives a packet from 10.5.1.x destined for a 192.168.5.x machines it knows it has to send this traffic down the VPN tunnels. It does not need a static route.

HTH

Jon

9 REPLIES
Hall of Fame Super Blue

Re: Problems adding routing routes

Hi Edgar

Could you post a bit more detail on your setup.

If the tunnels are site-to-site VPN tunnels you do not need static routes on the router as the crypto access-list will tell the router whether or not it needs to encrypt the traffic.

Jon

New Member

Re: Problems adding routing routes

Hi,

Thnks for fast responding.

Yes.. there are site to site vpn ipsec tunnels

Hall of Fame Super Blue

Re: Problems adding routing routes

Edgar

If they are site-to-site VPN tunnels you do not need static routes for the VPN tunnels. The access-lists you define for use in the crypto map define the local and remote networks ie.

access-list vpntraffic permit ip 10.5.1.0 255.255.255.0 192.168.5.0 255.255.255.0

If the route receives a packet from 10.5.1.x destined for a 192.168.5.x machines it knows it has to send this traffic down the VPN tunnels. It does not need a static route.

HTH

Jon

Hall of Fame Super Blue

Re: Problems adding routing routes

Edit

If the route receives a packet from 10.5.1.x destined ...

should read

If the router receives a packet from 10.5.1.x destined ...

Jon

New Member

Re: Problems adding routing routes

OK...

Then there are two questions to respond:

the 2821 has two nic one for line backup if fails and the second one ads wic for internet and nat

1? how to configure the routing for backup (ipsec tunnels are already configured)

2? how to configure the routing for nat and internet browsing

Hall of Fame Super Blue

Re: Problems adding routing routes

Edgar

1) If you are using a static default route you can use another default route with a higher adminsitrative distance - called a floating static. eg.

If your primary link gateway is 83.10.1.1

your secondary link gateway is 84.10.1.1

ip route 0.0.0.0 0.0.0.0 83.10.1.1

ip route 0.0.0.0 0.0.0.0 84.10.1.1 250

The second route will only be used if the first disappears.

2) Not entirely clear. Are you askign how you would do the NAT in a failover scenario ?

Jon

New Member

Re: Problems adding routing routes

This is the situation:

a cisco 2821 two gigabit ports and a adsl wic.

The adsl wic is only for backuping the tunnels.

If the tunnels dont need adding routes, backup tunnels would not need too?

New Member

Re: Problems adding routing routes

This is the configuration.

There are 2 static routes.

The tunels only works is there is a default route configured...

is possible to enable both?

New Member

Re: Problems adding routing routes

I try to delete the default route but it does not work.

160
Views
5
Helpful
9
Replies