Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA EZVPN and summarized static routes

I have a situation where I am trying to clean up a client EZVPN setup that is not working for them.  I'm finding a lot of things that are not correct but I am looking for some confirmation on one thing I noticed.  Here is the gist..

  1. EZVPN remote has a default route learned from a carrier
  2. EZVPN remotes sites (20+) all have /24 networks in the 192.168.0.0/16 range
  3. EZVPN server currently has a static route for 192.168.0.0/16 pointing at the public gateway of the EZVPN server in addition to a default route (Not sure why)
  4. A ping from a protected network in the 192.168.30.0/24 to the network behind the server fails until I remove the route for 192.168.0.0/16.

My guess here is that the static route is grabbing that traffic and kicking it straight out the public interface and bypassing the tunnel processing until the static is removed.  At which time the only route it matches is the default route and the traffic passes through tunnel processing and works fine. 

I was hoping for some confirmation, contradiction, and maybe an explanation as to why the /16 route would be treated differently than the default route since they both pointed to the same gateway IP address.

Any input appreciated!

Thanks!

Everyone's tags (3)
497
Views
0
Helpful
0
Replies
CreatePlease login to create content