Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
0
Helpful
2
Replies

Static route is heavier than VPN tunnel??

bjr
Level 1
Level 1

‎04-26-2005 04:07 AM - edited ‎02-21-2020 01:44 PM

Have configured an EasyVPN tunnel for a customer with lots of 10.x.x.x nets. Did not get it working until I changed the VPN office to 192.168.n.n. I the discovered that the central PIX had a 10.0.0.0 0.255.255.255 route back to inside central WAN router. When I changed the generic route to lots of specific ones I got the VPN office working under 10.x.x.x. Does the static routes whack the routes provided by the IPSEC SA's?

Regards

Bjorn

Labels:
0 Helpful
2 Replies 2

lgijssel
Level 9
Level 9

‎04-26-2005 06:33 AM

Please have a look at the following URL concerning route selection. It says it's about routers but this is equally valid for the PIX.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094823.shtml

I suppose it explains your questions regarding this topic.

Regards,

Leo

0 Helpful

bjr
Level 1
Level 1
In response to lgijssel

‎04-26-2005 10:11 AM

Well, it doesn't really. I think anyway. Becuase it does not talk about how routes from the crypto engine is inserted into the routing table. In the pix the actual route is not defined via the "route n.n.n.n mask next hop". It comes from the access-list specified in the vpngroup definition, I guess. But if static has the weight of 1, that is hard to beat.

Regards

Bjorn

0 Helpful
Customers Also Viewed These Support Documents