Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP routing question for a VPn


I have a VPN up & running, which connects to another company. I would like to put in a static route in my router with a destination of one of the subnets on their network.

What should I use as the next hop for the static route... their end of the IPsec tunnel? (which is reached over the internet)



Re: IP routing question for a VPn

you need to add their destination to your crypto ACL. Is your vpn device the default gateway on your network? All you need to do for routing is make sure traffic destined for the remote network gets to your vpn device. the crypto acl will take care of the rest. The crypto acl on the other company's peer will also need modified.

New Member

Re: IP routing question for a VPn


The destination is in the Crypto ACl. The problem is that the destination network is not known in our network and the default route for other devices (not the one the crypto ACL is on) is in a different direction than towards the ISP & internet.

So I thought i'd add a static route to the destination network which will be redistributed into our internal EIGRP.


Lisa G

Cisco Employee

Re: IP routing question for a VPn

I am assuming that you are talking about the router that you terminate your VPN Connections. If there is already a default route configured, then you dont really need to add a static route. Just make sure that your internal devices know that they need to send the packets to the VPN Router to send it across the tunnel and the VPN Router should look up in its routing table and follow the default route to reach the PEER.

Can you post a copy of your configuration, so we can take a look at it and assist you.



** Please rate all helpful posts **

New Member

Re: IP routing question for a VPn

Thanks I think I'm good to go.

I just needed to make sure that the correct next hop for the dest would be the IPSEC peer, and that putting in a static route to a destination with the IPSEc peer as the next hop won't interfere with the Crypto ACl in any way.

Thanks for your assistance!

CreatePlease login to create content