Routing for Two Hosts Behind a IPSec Tunnel

Posted by Brent on Server Fault See other posts from Server Fault or by Brent
Published on 2010-06-02T22:16:35Z Indexed on 2010/06/02 22:55 UTC
Read the original article Hit count: 403

Filed under:
|
|
|

Network A 10.110.15.0/24 Firewall is .1 Host A is .2

Network B 10.110.16.0/24 Firewall is .1 Host B is .2

Two Cisco ASA's. IPSec tunnel with a crypo map that secures 10.110.15.0/24 <-> 10.110.16.0/24.

Let's say two hosts, 10.110.15.2 and 10.110.16.2 need to talk to each other. Normally I have to enter a persistent static route on a each host along the lines of:

route add 10.110.16.0 mask 255.255.255.0 10.110.15.1 metric 1 -p (on the "A" box)

I also have to enter another persistent static route on the .16 host in order for the traffic to know how to get back to the .15 network. Note that the default for each machine IS the firewall, so .1.

I have no problem adding persistent routes on Windows/ESX/*nux machines but what about a smart switch in the .16 network that I want to manage from the .15 network.

Do I need to run a routing protocol? Do I need to have Reverse Route Injection enabled on both ends of the IPSec tunnel? Should I add a route on the firewall? If so, how do you formulate it? Does it get a metric of 1 and my default route 0.0.0.0 get a metric of 2?

© Server Fault or respective owner

Related posts about firewall

Related posts about vpn