11-15-2018 02:19 AM
Hi, we have some overlapping networks in our WAN.
I need to route the traffic from 192.168.128.0 to one IP (10.3.4.7/32) through a VPN.
The problem is the router has got an interface with this network 10.3.0.0/16 and the administrative distance of directly connected networks is 0, which prevails over the static route. How can I use the static route over the directly connected network?
Thanks
Accepted Solutions
11-15-2018 02:44 PM
Dave makes a very good point and deserves +5. The important thing to understand is that the administrative distance difference between connected routes and static routes only comes into play when we have a connected route and a static route for the same prefix. If we have a connected route for a /24 and a static route for a /32, then AD does not come into play. Any packet with destination for the specific host in the static route will use the static route, while packets for all other destinations in the subnet will use the connected route.
HTH
Rick
Rick
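Added example, not part of the original thread or of any poster's reply: a small Python model of the route selection described above, using the thread's 10.3.0.0/16 connected network and 10.3.4.7/32 static route. The next hop 203.0.113.1, the interface name and the function names are assumptions made for illustration.

```python
import ipaddress

# Routes modelled on the thread. AD 0 (connected) and AD 1 (static) are the
# usual defaults; next hop and interface name are constructed placeholders.
ROUTES = [
    {"prefix": "10.3.0.0/16", "source": "connected", "ad": 0, "via": "GigabitEthernet0/1"},
    {"prefix": "10.3.4.7/32", "source": "static", "ad": 1, "via": "203.0.113.1"},
]

def install(routes):
    """Build the routing table: AD only decides between routes to the SAME prefix."""
    rib = {}
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        if net not in rib or route["ad"] < rib[net]["ad"]:
            rib[net] = route
    return rib

def lookup(rib, dst):
    """Forwarding lookup: the longest matching prefix wins, AD is not consulted."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]

if __name__ == "__main__":
    rib = install(ROUTES)
    for dst in ("10.3.4.7", "10.3.4.8"):
        hit = lookup(rib, dst)
        print(f"{dst:>10} -> {hit['prefix']} ({hit['source']}, AD {hit['ad']}) via {hit['via']}")

    # Contrast: a static route for the same /16 never replaces the connected
    # route, because here the prefixes are identical and the lower AD wins.
    same_prefix = {"prefix": "10.3.0.0/16", "source": "static", "ad": 1, "via": "203.0.113.1"}
    rib2 = install(ROUTES + [same_prefix])
    print("10.3.9.9 ->", lookup(rib2, "10.3.9.9")["source"])
```
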
11-15-2018 02:33 AM
Hello
@jmprats wrote:
Hi, we have some overlapping networks in our WAN.
I need to route the traffic from 192.168.128.0 to one IP (10.3.4.7/32) through a VPN.
The problem is the router has got an interface with this network 10.3.0.0/16 and the administrative distance of directly connected networks is 0, which prevails over the static route. How can I use the static route over the directly connected network?
Thanks
You may be able to use Policy Based Routing (PBR) to manipulate the traffic path.
Can you post the:
Sh ip route static
Kind Regards
Paul
11-15-2018 05:09 AM
From memory, assuming that this is just a standard IPSec VPN (i.e. not GRE-over-IPSec) I think you can add a static route to the /32 via the next hop address on the external (VPN peering) interface. This will cause the traffic to be routed that way and the encryption will simply happen on the way out if it falls within the encryption domain ACL. The /32 static route should always win over the /16 connected interface.
Please try this and let us know how you get on.
Hope this helps
Dave
11-16-2018 06:41 AM
I am glad that our responses have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions that have helpful information. One advantage of communities like this is having multiple people reading the questions and providing their own insight and suggestions.
HTH
Rick
Rick
