New Member

Routing traffic out of the source interface which is also IPsec crypto-map interface

Hi

(see below image) I'm trying to establish correct routing from my company towards some machines at a client's site. The LAN-2-LAN tunnel gets established from xxx.244.260.176 towards mycompany router at the client's site on the other end, nnn.211.0.54. My servers in segment interesting traffic A are reachable. However, servers in segment B are not.

Routing should be, as far as I know, as follows:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route nnn.211.0.0 255.255.0.0 nnn.211.0.53
ip route 192.168.56.0 255.255.255.0 FastEthernet0/0
ip route 192.168.57.0 255.255.255.0 FastEthernet0/0
ip route 192.168.58.0 255.255.255.0 FastEthernet0/0
ip route 192.168.60.0 255.255.255.0 nnn.211.0.53

Currently we connect to the servers via a fiber connection that is to be dismantled shortly; it is connected via interface FastEthernet0/0. In this setup segment B is reachable.

Simple 1.jpg

I hope you can help me. I think I've tried everything; am I overlooking something?

Thanks in advance!

With kind regards, Tom

2 REPLIES
Hall of Fame Super Blue

Re: Routing traffic out of the source interface which is also IP

Tom

It's not entirely clear what your problem is.

Do you want to use the VPN tunnel to get to site B, i.e. 192.168.60.0, or do you just want to route traffic direct?

If you want to route traffic direct, then does it need to be in an IPSEC tunnel or not?

There is no reason why you cannot send 192.168.56/57/58 traffic down the IPSEC tunnel and then 192.168.60.0 traffic not down the tunnel. This is nothing to do with routing and is to do with the crypto map access-lists.

Perhaps you could clarify exactly what the problem is?

Jon
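
Added example, not part of either poster's messages: a small Python model of the two separate decisions the reply above distinguishes, with the route lookup choosing the egress interface and the crypto map access-list alone choosing whether the packet is encrypted. The 198.51.100.0/24 range is a constructed stand-in for the masked management range, and placing the crypto map on FastEthernet0/1, the router perspective and the ACL entries are all assumptions.

```python
import ipaddress as ip

# Constructed stand-ins: the post masks its public addresses.
MGMT = ip.ip_network("198.51.100.0/24")   # stands in for xxx.28.206.0/24
OUTSIDE = "FastEthernet0/1"               # assumed to carry the crypto map

# (prefix, egress interface), modelled on the static routes in the post
ROUTES = [(ip.ip_network(p), i) for p, i in [
    ("0.0.0.0/0", OUTSIDE),
    ("192.168.56.0/24", "FastEthernet0/0"),
    ("192.168.57.0/24", "FastEthernet0/0"),
    ("192.168.58.0/24", "FastEthernet0/0"),
    ("192.168.60.0/24", OUTSIDE),         # assumed: next hop sits on the outside link
]]

def crypto_acl(local_nets):
    """Permit entries (source net, destination net) of a hypothetical crypto ACL."""
    return [(ip.ip_network(n), MGMT) for n in local_nets]

def egress(dst):
    """Step 1, routing: longest-prefix match picks the outgoing interface."""
    dst = ip.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(src, dst, acl):
    """Step 2, crypto map: on the crypto interface the ACL alone decides
    whether the packet is encrypted; it never changes the interface."""
    ifc = egress(dst)
    s, d = ip.ip_address(src), ip.ip_address(dst)
    tunnelled = ifc == OUTSIDE and any(s in a and d in b for a, b in acl)
    return ifc, "ipsec" if tunnelled else "clear"

if __name__ == "__main__":
    acl_a = crypto_acl(["192.168.56.0/24", "192.168.57.0/24", "192.168.58.0/24"])
    acl_ab = acl_a + crypto_acl(["192.168.60.0/24"])
    for name, acl in (("A only", acl_a), ("A and B", acl_ab)):
        # Same routes, same interface; only the ACL changes the outcome.
        print(name, forward("192.168.60.10", "198.51.100.20", acl))
```

With identical routes, traffic sourced from 192.168.60.0/24 leaves the same interface in both runs and is only encrypted once the ACL has an entry for it.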

New Member

Re: Routing traffic out of the source interface which is also IP

Hi,

Of course I'll try to explain:

My company manages several servers in interesting traffic segment A and B at the client site. These should be reachable from my company. Our management servers like HPOV and CiscoWorks are in the range xxx.28.206.0 /24 and management users, for setting up rdp sessions or https ilo/drac sessions, receive a PAT address xxx.28.206.254. All traffic is being tunneled between our site and the customers' site.

!!! The cloud is not a WAN cloud but the internet, thus VPN/L2L tunnel is required !!!

The tunnel itself works; I can connect to segment A, but when routed back towards the source interface all fails.

I have an access-list on the interface logging only permits, so the packets are sent.

A trace shows only next hop nnn.211.0.53.

Ping from the nnn.211.0.54 router towards nnn.211.4.85 is successful.

However, this address doesn't show in the ARP table.

... :'(

Regards, Tom
