Cisco Support Community
New Member

next hop for a static route - with an IPSEC tunnel


I have a general question about static routes through an IPSEC tunnel... We tried a next hop for the static route being the other end of the IPsec tunnel... It didn't get entered into the IP routing table. Then we made the next hop the interface which the crypto map is applied to... This kinda worked (at least this time the static route made it into the routing table).

Do you have any guidelines or info regarding the next hop for a static route for which the destination is the IPSEC peer?

Much thanks.

Lisa G


Re: next hop for a static route - with an IPSEC tunnel


If you are using IPSec tunnels (no GRE)... routes are not mandatory...

Let's say that you've got a router at site 1 and a router at site 2. Those sites are linked by the Internet (ISP). The default routes on those 2 routers point to the ISP. In that case, you don't need to have a static route to the other network. You'll use a static route to force traffic to go through an interface where your crypto map is applied if it's not already the default behavior.

The crypto ACL will decide what goes across the VPN tunnel, and the ACL must match (reverse) on each side of the tunnel. Also, make sure you don't NAT the traffic between the two sites if you really don't need to.
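The setup described in the reply above, as an added example that is not part of the original thread: two IOS routers using a plain crypto map (no GRE), with mirrored crypto ACLs, a NAT exemption for site-to-site traffic, and only a default route toward the ISP. All addresses, interface names, ACL names and the map name are constructed; the ISAKMP policy, pre-shared key and a transform set named TS are assumed to be configured already.

```text
! ===== Site 1 router (constructed: LAN 10.1.1.0/24, WAN 192.0.2.1) =====
ip access-list extended CRYPTO-ACL
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
! Exempt site-to-site traffic from NAT; the deny must come before the permit
ip access-list extended NAT-ACL
 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 any
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address CRYPTO-ACL
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
 crypto map VPN
ip nat inside source list NAT-ACL interface GigabitEthernet0/0 overload
! The default route already leaves via Gi0/0 (where the crypto map is applied),
! so no static route for 10.2.2.0/24 is needed
ip route 0.0.0.0 0.0.0.0 192.0.2.254
! Only if some other route would send 10.2.2.0/24 out a different interface:
! ip route 10.2.2.0 255.255.255.0 192.0.2.254
!
! ===== Site 2 router (constructed: LAN 10.2.2.0/24, WAN 198.51.100.1) =====
! Crypto ACL is the exact reverse of site 1 (source and destination swapped)
ip access-list extended CRYPTO-ACL
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
ip access-list extended NAT-ACL
 deny   ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 10.2.2.0 0.0.0.255 any
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address CRYPTO-ACL
interface GigabitEthernet0/1
 ip address 10.2.2.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip nat outside
 crypto map VPN
ip nat inside source list NAT-ACL interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 198.51.100.254
```

To confirm the behavior, `show ip route 10.2.2.0` on site 1 should resolve out the crypto map interface, and `show crypto ipsec sa` should show the encaps and decaps counters increasing while traffic flows between the two LANs.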
