Routing for Two Hosts Behind an IPSec Tunnel
Posted by Brent on Server Fault
Published on 2010-06-02T22:16:35Z
Network A 10.110.15.0/24 Firewall is .1 Host A is .2
Network B 10.110.16.0/24 Firewall is .1 Host B is .2
Two Cisco ASAs. IPSec tunnel with a crypto map that secures 10.110.15.0/24 <-> 10.110.16.0/24.
Let's say two hosts, 10.110.15.2 and 10.110.16.2, need to talk to each other. Normally I have to enter a persistent static route on each host along the lines of:
route add 10.110.16.0 mask 255.255.255.0 10.110.15.1 metric 1 -p (on the "A" box)
I also have to enter another persistent static route on the .16 host in order for the traffic to know how to get back to the .15 network. Note that the default for each machine IS the firewall, so .1.
I have no problem adding persistent routes on Windows/ESX/*nux machines but what about a smart switch in the .16 network that I want to manage from the .15 network.
Do I need to run a routing protocol? Do I need to have Reverse Route Injection enabled on both ends of the IPSec tunnel? Should I add a route on the firewall? If so, how do you formulate it? Does it get a metric of 1 and my default route 0.0.0.0 get a metric of 2?
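The two decisions the question turns on are (1) the host's own routing lookup (longest prefix wins, so a /24 static route beats the 0.0.0.0/0 default regardless of metric) and (2) whether the packet's source/destination pair hits the crypto map's selector, which is what makes the ASA tunnel it. The following is an added worked example, not code from the original post or from Cisco; it models both decisions with the addresses given above. The metrics, the way the crypto ACL is encoded as (source net, destination net) pairs, and the managed switch with no default gateway are illustrative assumptions. It also covers the case the question is worried about: a device in the .16 network with neither a default gateway nor a route for 10.110.15.0/24 has nowhere to send the reply, so the lookup fails before the tunnel is ever consulted.

```python
"""Longest-prefix routing lookup plus a crypto-map 'interesting traffic' check.

Added example for this page; not code from the original post, Cisco, or any
vendor. Addresses are the ones in the question. Metrics, the ACL encoding and
the no-default-gateway switch are illustrative assumptions.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# (prefix, next hop or None for a directly connected network, metric)
Route = Tuple[ipaddress.IPv4Network, Optional[ipaddress.IPv4Address], int]


class RoutingTable:
    """A host's (or firewall's) routing table."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, via: Optional[str] = None, metric: int = 1) -> None:
        """via=None models an on-link (directly connected) prefix."""
        self.routes.append((
            ipaddress.ip_network(prefix),
            ipaddress.ip_address(via) if via else None,
            metric,
        ))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest matching prefix wins; among equal lengths the lowest metric wins."""
        ip = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if ip in r[0]]
        if not matches:
            return None
        return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))


def next_hop(table: RoutingTable, dst: str) -> Optional[str]:
    """Next hop as text, 'connected' for an on-link prefix, None if unroutable."""
    route = table.lookup(dst)
    if route is None:
        return None
    return "connected" if route[1] is None else str(route[1])


def interesting_traffic(acl: List[Tuple[str, str]], src: str, dst: str) -> bool:
    """Crypto-map selector: does src->dst match any (source net, destination net) line?"""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b) for a, b in acl)


# --- Constructed tables for the scenario in the question ------------------
def host_a_table(with_static_route: bool) -> RoutingTable:
    rt = RoutingTable()
    rt.add("10.110.15.0/24")                               # on-link
    rt.add("0.0.0.0/0", "10.110.15.1", metric=10)          # default gateway is the firewall
    if with_static_route:
        rt.add("10.110.16.0/24", "10.110.15.1", metric=1)  # the 'route add ... -p' from the post
    return rt


def switch_b_table(default_gateway: Optional[str]) -> RoutingTable:
    """A managed switch in network B (assumption: it may ship with no gateway set)."""
    rt = RoutingTable()
    rt.add("10.110.16.0/24")                               # on-link
    if default_gateway:
        rt.add("0.0.0.0/0", default_gateway)
    return rt


# Crypto map selector on ASA A and its mirror image on ASA B, per the question.
CRYPTO_ACL_A = [("10.110.15.0/24", "10.110.16.0/24")]
CRYPTO_ACL_B = [("10.110.16.0/24", "10.110.15.0/24")]


def trace(table: RoutingTable, src: str, dst: str, acl: List[Tuple[str, str]]) -> Dict[str, object]:
    """Where the sender forwards the packet, and whether its ASA's crypto map would tunnel it."""
    hop = next_hop(table, dst)
    return {"next_hop": hop, "tunneled": hop is not None and interesting_traffic(acl, src, dst)}


if __name__ == "__main__":
    for static in (False, True):
        label = "host A with static /24" if static else "host A, default only  "
        print(label, trace(host_a_table(static), "10.110.15.2", "10.110.16.2", CRYPTO_ACL_A))
    print("switch B, no gateway  ", trace(switch_b_table(None), "10.110.16.2", "10.110.15.2", CRYPTO_ACL_B))
    print("switch B, gw 10.110.16.1", trace(switch_b_table("10.110.16.1"), "10.110.16.2", "10.110.15.2", CRYPTO_ACL_B))
```

Running it shows host A forwarding to 10.110.15.1 with or without the extra static route, because the default gateway in the question is already the firewall; the static /24 only changes which table entry is selected. For the switch, the reply to 10.110.15.2 is unroutable until either a default gateway or a route for 10.110.15.0/24 via 10.110.16.1 is configured on it; only then does the packet reach ASA B, where it matches the mirrored selector and is tunneled.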
© Server Fault or respective owner