Showing results for 
Search instead for 
Did you mean: 

ASA VPN Routing

Good Afternoon, Hoping I could get some clarification on something related to Cisco ASA tunnels that a bit confusing. I have provided a general high level diagram to hopefully help illustrate my point. My main focus would be from the East Coast perspective but works either directions. My East Coast firewall has an IPSEC tunnel built to the west coast and has "interesting traffic" filters applied on the tunnels for the respective networks. Where I am a little confused is the routing portion of this config. On the East Coast router my route table states in order to reach use next-hop which is used to build the VPN tunnel between the two site, makes sense. The route I'm confused about is it then states to reach use next-hop Traffic does work today between the sites but I'm not understanding how. From a routing perspective my Firewall doesn't have a route for the gateway and that IP is on the perimeter router not the firewall so I don't understand how this works. The route does state use the "outside" interface so even though I don't have a gateway that I know how to route to if I send the data to the perimeter router regardless then he will know how to reach it. Hope I explained my confusion well enough and any information that can be provided would be appreciated. Thanks!

Everyone's tags (2)
Hall of Fame Guru

Re: ASA VPN Routing


The diagram may help :) 


If is the remote subnet via IPSEC then all you have to do is make sure the traffic is routed to the interface where you have applied your IPSEC crypto map so if the outside interface is where the crypto map is applied then that route would work although often with internet setups the default route points that way anyway. 


Like I say though, diagram would help as the above is all guesswork at the moment. 



CreatePlease to create content
Content for Community-Ad