Which would be the routing configuration if the Cisco 2821 has two GigabitEthernet ports configured with addresses
83xxxxxxxxxxxxxx (connected to the LMDS device)
several IPsec tunnels configured.
The problem is that I do not want to use the default routing configuration (0.0.0.0 0.0.0.0 83xxxxxx)
I want to have only one static permanent route for each tunnel.
If your remote destinations are reachable via the single gateway IP then you can have a single route (default route) pointing via the host IP...
But if your VPN peers are not reachable via the gateway then you need to have a different set of static routes pointing towards the gateway through which they can be reached.
If this doesn't solve your purpose, do post more on the requirement you have in place and also the possible placements of your remote VPN peers.
Are you saying that your IPSEC peers are via a different link than your normal internet connection?
You do not need routes for the remote network in an IPSEC configuration; however, if the peer addresses are reachable via a different interface then you just need to add individual statics on your router, e.g.
ip route "peer address" 255.255.255.255 "next hop"
Then, summarizing...
There are 3 ipsec site to site tunnels configured.
My LAN is under GigabitEthernet0/0 with address 192.168.156.0
GigabitEthernet0/1 has IP address 83.xxx and routes everything to the LMDS device connected to this gigabit port.
Now there is a static route ip route 0.0.0.0 0.0.0.0 22.214.171.124 permanent and it works fine, but
if I add 192.168.157.0 255.255.255.0 126.96.36.199 permanent.. and more for the rest...
It does not work ...
The PCs have static routes like this...
route add -p 192.168.157.0 mask 255.255.255.0 192.168.156.254 (the router IP address)
Where is the problem?
I do not want to use the default route, only specified routes.
Please bear with me because I think I might be having one of those days :)
You don't need static routes for your remote subnets with IPSEC tunnels. Why do you need to add a route for the remote subnet pointing to the same next hop as the default route?
If you add an ADSL WIC for internet browsing and the tunnels still go via the gigabit connection, then you need to add static routes for the remote peers, not the remote subnets, pointing out the gigabit interface.
Does this make sense?
What will be the solution?
Adding 3 static routes (one for each tunnel)
ip route peer_address 255.255.255.255 188.8.131.52 permanent
No, if you only want to tunnel traffic it isn't. But then if you only want to tunnel traffic, why bother with static routes for each peer address? You could just use the default route. Unless, of course, the remote peers are reachable via different next hops.
I'll install the ADSL WIC and give it the default route, and configure ip route ipeer 255.255.255.255 next hop
One question... when you add a static route for a public address, would the mask be 255.255.255.255?
Well... I'll try to install the WIC configured as atm0/0/1 point-to-point with the default route through this interface, and then static routes with peer and next hop LMDS.
I have added a default route for the atmo01 interface and for the VPN tunnels:
ip route 192.168.157.0 255.255.255.0 184.108.40.206 permanent
ip route 80.xxx 255.255.255.255 220.127.116.11 permanent
The SDM software told me to add both routes, to the peer and to the LAN IP addresses.
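
Added example, not part of the thread: a simplified Python model of the route lookups discussed above, assuming crypto-map IPsec where the map is applied only on GigabitEthernet0/1 and a clear-text packet is routed to an egress interface before it can be encrypted. The peer and gateway addresses are constructed; the model shows why, once the default route moves to the ADSL WIC, a host route to the peer alone sends traffic for 192.168.157.0/24 out the ATM interface unencrypted.

```python
import ipaddress

# Constructed values (RFC 5737 ranges). Only the two 192.168.x.0/24 LANs and
# the interface names come from the thread; everything else is hypothetical.
LMDS_GW, ADSL_GW, PEER = "198.51.100.1", "192.0.2.1", "203.0.113.10"
REMOTE_LAN = ipaddress.ip_network("192.168.157.0/24")
CRYPTO_IF = "Gi0/1"   # assumption: the crypto map is applied only here


def table(*routes):
    """Build a routing table from (prefix, next hop, interface) tuples."""
    return [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]


def egress(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[2] if hits else None


def protected(routes, inner_dst):
    """True only if the clear-text packet is routed to the crypto-map
    interface AND the peer itself is reached through that interface."""
    in_acl = ipaddress.ip_address(inner_dst) in REMOTE_LAN
    return (in_acl
            and egress(routes, inner_dst) == CRYPTO_IF
            and egress(routes, PEER) == CRYPTO_IF)


# 1. Original setup: single default route via the LMDS link.
ONLY_DEFAULT = table(("0.0.0.0/0", LMDS_GW, "Gi0/1"))
# 2. Default moved to ADSL, host route to the peer only.
PEER_ONLY = table(("0.0.0.0/0", ADSL_GW, "ATM0/0/1"),
                  (PEER + "/32", LMDS_GW, "Gi0/1"))
# 3. As 2, plus the remote LAN routed to the crypto-map interface.
PEER_AND_LAN = PEER_ONLY + table(("192.168.157.0/24", LMDS_GW, "Gi0/1"))

if __name__ == "__main__":
    for name, rt in [("default only", ONLY_DEFAULT),
                     ("peer /32 only", PEER_ONLY),
                     ("peer /32 + LAN", PEER_AND_LAN)]:
        print(f"{name:15} LAN pkt -> {egress(rt, '192.168.157.10'):9}"
              f" protected={protected(rt, '192.168.157.10')}")
```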