
Routing through a VPN.

JohnTylerPearce
Level 7

I was wondering if anyone knew a good article to explain how routing works through a VPN.

If you have an SSL VPN with the following routes in its routing table

----------------------------------------------------------------------------------------

route outside 0.0.0.0 0.0.0.0 204.90.21.1 1

route inside xxxx 255.255.255.255 172.18.0.1 1

route inside 204.110.220.0 255.255.240.0 172.18.0.1 1

route inside 204.110.250.0 255.255.255.0 172.18.0.1 1

The VPN is working great, but I'm just wondering how it's possible for me to connect to VPN and then successfully ping 192.168.1.1 or 204.110.210.0 when there is no route in the route table of the ASA.

Maybe I just don't fully understand how routing works through the VPN via ASA, so to speak.

Accepted Solutions

Well, basically once the VPN client creates a secure connection against the VPN server, if the traffic matches the networks pushed by the server, the traffic gets encrypted and sent to the VPN peer using the client's default gateway.

The VPN server or peer then receives the packet, unencrypts it and sends it to the printer.

The routing part works pretty much the same; the only difference is that the packet travels encrypted throughout the Internet.


raga.fusionet
Level 4

Hi John,

When packets arrive from your internal network the ASA checks a number of things before it sends the packet to its destination, including access-groups, NAT, crypto ACLs, among others.

When the traffic matches the crypto ACL it looks up the appropriate VPN peer to which it needs to send the traffic, then it encrypts it or decrypts it depending on the case and sends it to the remote IP. Now, through which interface it sends the packet will depend on your routing table. If there is no route configured for the remote peer then the ASA will just use the default route.

If you want to understand better what happens to a packet when traversing through the ASA you might want to take a look at the packet tracer.

Here is a post that explains a little bit about it:

https://supportforums.cisco.com/docs/DOC-5796

HTH.

Raga
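
The route lookup described in the reply above (most specific matching route, otherwise the default route), as an added example that is not part of the original thread: it runs a longest-prefix match over the static routes posted in the question. It assumes each prefix is the posted address masked by the posted netmask, leaves out the `xxxx` host route because its address is elided, and models only the routing-table step, not access-groups, NAT or crypto ACLs.

```python
import ipaddress

# Static routes as posted in the question (the "xxxx" host route is
# omitted because its address is elided on the page).
ROUTES_TEXT = """\
route outside 0.0.0.0 0.0.0.0 204.90.21.1 1
route inside 204.110.220.0 255.255.240.0 172.18.0.1 1
route inside 204.110.250.0 255.255.255.0 172.18.0.1 1
"""


def parse_routes(text):
    """Parse 'route <interface> <dest> <mask> <gateway> [metric]' lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "route":
            continue
        iface, dest, mask, gateway = parts[1:5]
        # Assumption of this example: strict=False masks off host bits,
        # so 204.110.220.0 with mask 255.255.240.0 becomes 204.110.208.0/20.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"iface": iface, "net": net, "gateway": gateway})
    return routes


def lookup(routes, destination):
    """Return the longest-prefix match for destination, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    # The two addresses from the question plus one inside the /24 route.
    for dst in ("192.168.1.1", "204.110.210.0", "204.110.250.7"):
        hit = lookup(table, dst)
        print(f"{dst:15} -> {hit['net']} via {hit['gateway']} ({hit['iface']})")
```

Under that masking assumption, 204.110.210.0 falls inside the 255.255.240.0 route on the inside interface, while 192.168.1.1 matches only the default route on the outside interface.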

I checked on the website and it mainly talked about using packet-tracer, which I know how to use.

I tried to find some more links about how the actual routing goes from, let's say, a VPN user at home to a network printer at the office. I do appreciate the link though, I did learn a few more things about using packet-tracer.
