
Why is this route using a tunneled default route?

Hello.
GIVEN:

Packet1 tries to reach server2 (72.16.139.5) that lives remotely through a L2L tunnel. The packet travels 4 hops through the LAN to an ASA-5525.

ASA-5525# sh route
Gateway of last resort is 1.1.1.1 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 1.1.1.1, outside

ASA-5525# sh route 172.16.139.0
% Subnet not in table
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.237.1, inside tunneled
---

Question: Why is a route to 172.16.139.0 using a tunneled default route, and not the S* route? (By the way, as per my inspection, route S 0.0.0.0 0.0.0.0 [255/0] via 172.16.237.1 leads to a routing loop between this ASA-5525 and the switch.)

Thank you.

Accepted Solutions

@jmaxwellUSAF because you can define a separate default route for VPN traffic if you want your VPN traffic to use a different default route than your non-VPN traffic using the tunneled keyword. Traffic incoming from VPN connections can be easily directed towards internal networks, while traffic from internal networks can be directed towards the outside.
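
The split between the two default routes described in the answer can be modeled as follows. This is an added example, not part of the original thread and not Cisco code: a simplified model of route selection that assumes the documented behavior of the tunneled option (it applies only to traffic emerging from a VPN tunnel that matches no more specific route). The `Route` class, `select_route` function, `from_tunnel` flag and the connected /24 are hypothetical or constructed; the two default routes are the ones shown in the question.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str
    interface: str
    tunneled: bool = False  # True for a default route marked "tunneled"


def select_route(routes, dst, from_tunnel):
    """Pick the route for a packet to dst in this simplified model.

    from_tunnel is True when the packet was just decrypted from a VPN
    tunnel terminating on the firewall, False for cleartext traffic.
    """
    addr = ipaddress.ip_address(dst)
    # 1. A more specific (non-default) route always wins: longest prefix match.
    specific = [r for r in routes if r.prefix.prefixlen > 0 and addr in r.prefix]
    if specific:
        return max(specific, key=lambda r: r.prefix.prefixlen)
    defaults = [r for r in routes if r.prefix.prefixlen == 0]
    # 2. Only decrypted VPN traffic may fall back to the tunneled default.
    if from_tunnel:
        for r in defaults:
            if r.tunneled:
                return r
    # 3. Everything else (and VPN traffic with no tunneled default)
    #    uses the standard default route.
    for r in defaults:
        if not r.tunneled:
            return r
    return None


def net(cidr):
    return ipaddress.ip_network(cidr)


# The two default routes from the question, plus one constructed
# connected network so that step 1 has something to match.
ROUTES = [
    Route(net("0.0.0.0/0"), "1.1.1.1", "outside"),
    Route(net("0.0.0.0/0"), "172.16.237.1", "inside", tunneled=True),
    Route(net("172.16.237.0/24"), "connected", "inside"),  # constructed
]
```

In this model a cleartext packet from the LAN to 172.16.139.5 selects the standard default via 1.1.1.1 on outside, and only a packet that has just been decrypted from a tunnel selects 172.16.237.1 on inside.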
