routing multiple gateways site-2-site VPN

james.silvius
Level 1

I've got an odd setup and need some help.

We have an ISP with a /29 network. We connected the Ethernet handoff to a layer 2 device and connected one end to a Calyptix firewall and one to our Cisco 2811.

The router currently has a default route that points to the Calyptix firewall.

The router currently also has a P2P T1 line to the corp office.

We'd like to set up a site-to-site VPN from this router to the corp office and use the P2P as the backup for local traffic, but everything else goes out the ASA.

I feel like I should be able to set up a tunnel between the two public IP addresses (branch and corp), but I can't ping the corp public IP address from the branch because it routes to the firewall (default route).

What am I missing?

I've attached a PDF of the network setup.

I tried setting up static routes:

ip route 50.199.17.17 255.255.255.255 72.34.95.209

and

ip route 72.34.95.210 255.255.255.255 50.199.17.22

But that didn't work. Any thoughts or suggestions?

Accepted Solution

soulasmarios
Level 1

Hi James,

1. Please check where the traffic from 50.199.17.17 to 72.34.95.210 goes. Do a traceroute to 72.34.95.210 and verify whether it goes to .210 directly or to .211 (capture on the firewall) and then to .210.

Note: Maybe the return traffic flows from 50.199.17.16 --> firewall (72.34.95.211) --> router based on your current setup (maybe the ISP forces it to go this way).

2. Please check that you don't receive this route (50.199.17.16/29) from the P2P T1 somehow by doing a trace from 72.34.95.210 to 50.199.17.17.

3. Verify that you don't have any ACL inbound on both routers.

Please mark this post as the correct one if it works.


3 Replies


Hello,

In your static routes, try configuring the outgoing interface as the next hop instead of the next-hop IP address, e.g.:

ip route 50.199.17.17 255.255.255.255 serial0

ip route 72.34.95.210 255.255.255.255 serial0

james.silvius
Level 1

In a roundabout way you were correct. I had the correct IP addresses listed in my issue, but in my configs we had the wrong gateway. I was reviewing the info from an old copy of the config file that I had copied to my TFTP server. When I looked at the actual running config, it had a wrong IP address for the gateway.

Thanks for all the input.
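The two failure modes discussed in this thread (the /32 static route versus the default route toward the firewall, and a next-hop gateway that is mistyped in the running config) come down to longest-prefix match plus recursive next-hop resolution. The following is an added illustration, not code from the original post or from Cisco: a small Python model of the branch router's routing decision using the addresses named above. It assumes the ISP /29 is 72.34.95.208/29 and invents a T1 subnet; real IOS route installation and recursion have more rules than this model.

```python
import ipaddress

# Constructed model of the branch 2811 in the thread. The ISP /29 is assumed to be
# 72.34.95.208/29 (the page only names .209, .210 and .211); the T1 subnet is made up.
CONNECTED = {
    "FastEthernet0/0": ipaddress.ip_network("72.34.95.208/29"),
    "Serial0/0": ipaddress.ip_network("10.0.0.0/30"),
}

def ip_route(prefix, mask, target):
    """One 'ip route <prefix> <mask> <next-hop-ip | interface>' line."""
    return ipaddress.ip_network(f"{prefix}/{mask}"), target

def lookup(dest, routes, depth=0):
    """Return (outgoing interface, directly connected next hop) for dest.

    Longest prefix wins. A next hop written as an IP address is resolved
    recursively, so a gateway that is not on a connected subnet quietly
    falls through to whatever route covers it, typically the default.
    (Simplified: real IOS recursion and route installation have more rules.)
    """
    if depth > 4:                      # recursive next-hop loop guard
        return None, None
    dest = ipaddress.ip_address(dest)
    for name, net in CONNECTED.items():
        if dest in net:                # connected: ARP for dest itself
            return name, str(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None, None
    _, target = max(matches, key=lambda r: r[0].prefixlen)
    if target in CONNECTED:            # 'ip route ... serial0' form
        return target, None
    return lookup(target, routes, depth + 1)

def branch_table(corp_route_target):
    """Default toward the Calyptix firewall (.211) plus a /32 for the corp
    public IP, pointed wherever corp_route_target says."""
    return [
        ip_route("0.0.0.0", "0.0.0.0", "72.34.95.211"),
        ip_route("50.199.17.17", "255.255.255.255", corp_route_target),
    ]

if __name__ == "__main__":
    # Correct ISP gateway, a mistyped gateway outside the /29, and the
    # interface-as-next-hop form suggested in the reply above.
    for target in ("72.34.95.209", "72.34.95.219", "Serial0/0"):
        print(target, "->", lookup("50.199.17.17", branch_table(target)))
```

With the mistyped gateway the /32 still wins the lookup, but the packet is handed to the firewall at .211 anyway, which matches the symptom of the corp public IP being unreachable until the running config was checked.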
