which route add?
07-16-2007 06:45 AM - edited 03-05-2019 05:19 PM
Hi,
What would the routing configuration be if the Cisco 2821 has two GigabitEthernet ports configured with addresses
192.168.156.254 (LAN)
83xxxxxxxxxxxxxx (connected to the LMDS device)
and several IPsec tunnels configured?
The problem is that I do not want to use the default routing configuration (0.0.0.0 0.0.0.0 83xxxxxx).
I want to have only one static permanent route for each tunnel.
Best regards
07-16-2007 08:50 AM
Please paste your router configuration and we will suggest accordingly.
-amit singh
07-16-2007 09:47 AM
Hi,
Here is my configuration.
Best regards and thanks
07-17-2007 01:21 AM
Hi Edgar
If your remote destinations are reachable via the single gateway IP then you can have a single route (default route) pointing via the host IP...
But if your VPN peers are not reachable via the gateway then you need to have a different set of static routes pointing towards the gateway through which they can be reached.
If this doesn't solve your purpose, do post more on the requirement you have in place and also the possible placements of your remote VPN peers.
Regards
07-17-2007 03:39 AM
Hi,
I need to use static routes, not a default route, because I need to use the default one for another WIC.
07-17-2007 04:34 AM
Hi Ed
Are you saying that your IPsec peers are via a different link than your normal internet connection?
You do not need routes for the remote network in an IPsec configuration; however, if the peer addresses are reachable via a different interface then you need to just add individual statics on your router, e.g.
ip route "peer address" 255.255.255.255 "next hop"
HTH
Jon
07-17-2007 04:52 AM
Ok
Then, to summarize ...
There are 3 ipsec site to site tunnels configured.
192.168.157.0
192.168.154.0
192.168.155.0
My LAN is on GigabitEthernet0/0 with address 192.168.156.0
GigabitEthernet0/1 has IP address 83.xxx and routes everything to the LMDS device connected to this gigabit port.
Now there is a static route, ip route 0.0.0.0 0.0.0.0 83.175.212.225 permanent, and it works fine, but
if I add 192.168.157.0 255.255.255.0 83.175.212.225 permanent... and more for the rest...
it does not work ...
The PCs have static routes like this:
route add -p 192.168.157.0 mask 255.255.255.0 192.168.156.254 (the router IP address)
Where is the problem?
I do not want to use a default route, only specific ones.
Best regards
07-17-2007 05:05 AM
Ed
Please bear with me because I think I might be having one of those days :)
You don't need static routes for your remote subnets with IPsec tunnels. Why do you need to add a route for the remote subnet pointing to the same next hop as the default route?
Jon
07-17-2007 05:12 AM
I will add an ADSL WIC with a default route for internet browsing... and the existing gigabit port for the LMDS tunnels.
07-17-2007 05:19 AM
Ed
If you add an ADSL WIC for internet browsing and the tunnels still go via the gigabit connection, then you need to add static routes for the remote peers, not the remote subnets, pointing out the gigabit interface.
Does this make sense?
Jon
07-17-2007 05:25 AM
Then..
What will be the solution?
Adding 3 static routes (one for each tunnel)
ip route peer_address 255.255.255.255 83.175.212.225 permanent
???
07-17-2007 05:30 AM
Ed
Yes, just add routes for the remote peers and leave your default route pointing to the internet gateway.
Jon
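
Added example (not part of the thread, and not Cisco code): a longest-prefix-match model of the routing tables discussed above, reporting which interface the router would choose for each IPsec peer and each remote subnet. The peer addresses (203.0.113.x), the `Dialer0` name for the ADSL WIC, /24 masks on all three remote subnets, and IPsec being bound only to GigabitEthernet0/1 are assumptions.

```python
import ipaddress

GI, ADSL = "Gi0/1", "Dialer0"          # Dialer0: hypothetical ADSL WIC interface
PEERS = ["203.0.113.10", "203.0.113.20", "203.0.113.30"]   # constructed placeholders
REMOTE = ["192.168.157.0/24", "192.168.154.0/24", "192.168.155.0/24"]  # /24 assumed

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None (no route)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None

def audit(routes, crypto_if=GI):
    """List tunnel destinations that would not leave via the crypto interface.

    Assumes IPsec is bound to crypto_if only, so traffic routed elsewhere is
    never matched against the tunnel policy. Each remote subnet is probed
    with its first host address.
    """
    problems = []
    for peer in PEERS:
        egress = lookup(routes, peer)
        if egress != crypto_if:
            problems.append(("peer", peer, egress))
    for subnet in REMOTE:
        probe = str(ipaddress.ip_network(subnet)[1])
        egress = lookup(routes, probe)
        if egress != crypto_if:
            problems.append(("subnet", subnet, egress))
    return problems

peer_routes = [(p + "/32", GI) for p in PEERS]
subnet_routes = [(s, GI) for s in REMOTE]

TABLES = {
    "today: default via Gi0/1": [("0.0.0.0/0", GI)],
    "default via ADSL, no statics": [("0.0.0.0/0", ADSL)],
    "default via ADSL + peer /32s": [("0.0.0.0/0", ADSL)] + peer_routes,
    "default via ADSL + peer /32s + subnets":
        [("0.0.0.0/0", ADSL)] + peer_routes + subnet_routes,
    "no default, peer /32s + subnets": peer_routes + subnet_routes,
}

if __name__ == "__main__":
    for name, table in TABLES.items():
        print(f"{name}: {audit(table) or 'all tunnel traffic leaves via Gi0/1'}")
```

Under these assumptions, host routes for the peers alone still leave the three remote subnets following the default route out the ADSL interface. The last table has no default route at all: tunnel destinations resolve, and every other destination has no route.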
07-17-2007 05:37 AM
OK,
if I only define static routes for the tunnels, it would work, wouldn't it?
07-17-2007 05:43 AM
Ed
You will still need your default route for all non-tunnel traffic.
Jon
07-17-2007 05:49 AM
Aha, but suppose that I only want tunnel traffic. Is it always necessary to define a default route?
