VPN Select process

martinbuffleo
Level 1

Does anyone have a document on how Cisco ASA select VPN tunnels.

i.e. looks at routing table to choose the interface then looks at crypto maps etc.

4 Replies

Jennifer Halim
Cisco Employee

It checks the crypto ACL, and matches that from top to bottom of your crypto map sequence. Hence, it is required to configure the crypto ACL as specifically as possible (normally subnet to subnet).

Does it look at the routing table before it checks the cryptomap?

Sorry to ask, but are you actually terminating the VPN on multiple interfaces hence the question on routing?

Can you please explain what you are trying to achieve that led to your question on whether routing or crypto map comes first?

manasjai
Cisco Employee

Hi,

The device would first look in its routing table to see how it can reach the destination. If there is no route configured on the ASA or router to reach the destination, it would take the default route.

Now if the egress interface (outgoing interface) for this traffic is the same as the one on which the crypto map is applied, then each and every instance of the map would be checked. If there is a match, then the traffic would be encapsulated and sent to that peer through the tunnel.

So, long story short... first a route lookup would be done and then the crypto map would be checked, if there is a crypto map applied to the egress interface.

Hope this answers your question.

Cheers,

manasi
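The selection order described in the two answers above (route lookup first, then a top-to-bottom walk of the crypto map bound to the egress interface, with the crypto ACL deciding the match) can be shown as a small simulation. The following is an added example written for this thread, not Cisco code and not an ASA feature; the routing table, the crypto map entries and the peer addresses are constructed sample values. It also checks Jennifer Halim's point about specificity: an entry whose every ACL line is already covered by an earlier, broader entry can never be selected, so the shadowed peer never receives traffic.

```python
"""Simulated ASA-style VPN tunnel selection: route lookup, then crypto map.

Added example (not Cisco code). All tables below are constructed sample data.
"""
from ipaddress import ip_address, ip_network

# Constructed routing table: (prefix, egress interface). Longest prefix wins;
# the 0.0.0.0/0 entry plays the role of the default route.
ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("10.1.0.0/16", "inside"),
    ("192.168.50.0/24", "dmz"),
]

# Constructed crypto maps keyed by the interface they are applied to.
# Each entry: (sequence number, crypto ACL as (src, dst) permit lines, peer).
CRYPTO_MAPS = {
    "outside": [
        (10, [("10.1.0.0/16", "172.16.0.0/24")], "203.0.113.10"),
        (20, [("10.1.0.0/16", "172.16.0.0/16")], "203.0.113.20"),
    ],
}


def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns the egress interface or None."""
    d = ip_address(dst)
    best = None
    for prefix, iface in ROUTES:
        net = ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def crypto_acl_matches(acl, src, dst):
    """True if any permit line of the crypto ACL covers this src/dst pair."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(a) and d in ip_network(b) for a, b in acl)


def select_tunnel(src, dst):
    """Return (egress, sequence, peer); sequence/peer are None for cleartext.

    Step 1: route lookup decides the egress interface.
    Step 2: only the crypto map applied to that interface is consulted,
            walking its entries in sequence-number order, first match wins.
    """
    egress = route_lookup(dst)
    if egress is None:
        return (None, None, None)
    for seq, acl, peer in CRYPTO_MAPS.get(egress, []):
        if crypto_acl_matches(acl, src, dst):
            return (egress, seq, peer)
    return (egress, None, None)


def shadowed_entries(crypto_map):
    """Sequence numbers whose every ACL line is covered by an earlier entry.

    Such an entry can never be selected, which is why broad (e.g. /16)
    lines placed ahead of specific ones silently starve the later peer.
    """
    shadowed = []
    for i, (seq, acl, _peer) in enumerate(crypto_map):
        earlier = [line for _s, a, _p in crypto_map[:i] for line in a]
        if acl and all(
            any(ip_network(s).subnet_of(ip_network(es))
                and ip_network(d).subnet_of(ip_network(ed))
                for es, ed in earlier)
            for s, d in acl
        ):
            shadowed.append(seq)
    return shadowed


if __name__ == "__main__":
    print(select_tunnel("10.1.2.3", "172.16.0.5"))    # default route -> outside, seq 10
    print(select_tunnel("10.1.2.3", "172.16.9.9"))    # outside, seq 20 (seq 10 too narrow)
    print(select_tunnel("10.1.2.3", "192.168.50.7"))  # dmz: no crypto map, stays cleartext
    print(shadowed_entries(CRYPTO_MAPS["outside"]))   # [] in this order
    print(shadowed_entries(list(reversed(CRYPTO_MAPS["outside"]))))  # [10] if /16 goes first
```

The third lookup shows the point made in the answer above: traffic whose route points at `dmz` never touches `outside_map`, no matter what its crypto ACL says. Swapping the two entries so that the /16 line comes first shows why the crypto ACL should be as specific as possible: the /24 entry is then unreachable.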
