Good Afternoon, Hoping I could get some clarification on something related to Cisco ASA tunnels that a bit confusing. I have provided a general high level diagram to hopefully help illustrate my point. My main focus would be from the East Coast perspective but works either directions. My East Coast firewall has an IPSEC tunnel built to the west coast and has "interesting traffic" filters applied on the tunnels for the respective networks. Where I am a little confused is the routing portion of this config. On the East Coast router my route table states in order to reach 4.4.4.1/32 use next-hop 3.3.3.2 which is used to build the VPN tunnel between the two site, makes sense. The route I'm confused about is it then states to reach 2.2.2.0/24 use next-hop 4.4.4.2. Traffic does work today between the sites but I'm not understanding how. From a routing perspective my Firewall doesn't have a route for the 4.4.4.2 gateway and that IP is on the perimeter router not the firewall so I don't understand how this works. The route does state use the "outside" interface so even though I don't have a gateway that I know how to route to if I send the data to the perimeter router regardless then he will know how to reach it. Hope I explained my confusion well enough and any information that can be provided would be appreciated. Thanks!