On 26 Jan, 22:37, "response3" <i...@atomitek.com> wrote:
> Hi all,
>
> I have a 2851 router w/ IOS Adv. Services, w/ a point to point IPSec
> VPN setup to another 2811 router. I also am planning to set up a
> point-to-point T1 setup between these same two routers. My question is
> this:
>
> Do IPSec VPNs use the default route for traffic? Or is there a
> 'hidden' route statement built when you create a VPN?

No hidden routes. Just the same routing as always.
http://www.cisco.com/en/US/tech/tk64...80133ddd.shtml
May assist.

> Assuming that typical Internet-based point to point VPNs use the
> default route, if I were to set up a GRE tunnel and run OSPF between the
> T1 routers, I would expect traffic to these sites to be routed via the
> T1, and in the event that the T1 link drops, it would be routed out via
> the default route, and thus, encrypted for VPN.

More or less.

The router can get routes from many sources: static,
OSPF, RIP, BGP.

The rules for selecting which route to use are complex
but boil down to:

More specific routes are preferred over less specific.

    10.0.0.0 255.255.255.0 is better than
    10.0.0.0 255.0.0.0 which is better than
    0.0.0.0 0.0.0.0 - i.e. default route.

In your scenario, the OSPF routes will be more specific
than the default route and so will be preferred. EXCEPT
in the case of a default route received over OSPF.

When routes are equally specific then the "administrative
distance" comes into play.

The AD of OSPF is (IIRC) 120 which is LESS
preferred than the default AD of a static route (1).

If you did have an OSPF default route that you wanted to be
preferred over a static route you could change your static
route to have a high AD.

    ip route 0.0.0.0 0.0.0.0 x.x.x.x 200

This is sometimes referred to as a "floating static route".

Hopefully this will let you find some appropriate
documents on CCO.

Good luck.
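
The selection rules described in the reply above, as an added example that is not part of the original post: a small Python model of "lowest AD installs per prefix, then longest match forwards", showing which path carries the site-to-site traffic when the T1 is up, when it drops, and with a floating static default. The prefixes, the path labels and the `exit_path` helper are constructed for illustration; the AD constants are the Cisco IOS defaults (static 1, OSPF 110).

```python
import ipaddress
from dataclasses import dataclass

# Cisco IOS default administrative distances (lower is preferred).
AD_STATIC, AD_OSPF = 1, 110

@dataclass(frozen=True)
class Route:
    prefix: str    # destination network, e.g. "10.2.0.0/24"
    source: str    # "static" or "ospf"
    path: str      # constructed label for the exit path
    ad: int        # administrative distance

def build_rib(candidates):
    """For each prefix, install only the candidate with the lowest AD."""
    rib = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        if net not in rib or route.ad < rib[net].ad:
            rib[net] = route
    return rib

def lookup(rib, dest):
    """Forwarding decision: longest-prefix match over installed routes."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]

def exit_path(candidates, dest="10.2.0.10"):
    """Return the path label chosen for dest, or None if unroutable."""
    route = lookup(build_rib(candidates), dest)
    return route.path if route else None

# Constructed sample routes: remote LAN learned via OSPF over the T1,
# and default routes from different sources.
REMOTE_VIA_T1 = Route("10.2.0.0/24", "ospf", "T1", AD_OSPF)
DEFAULT_STATIC = Route("0.0.0.0/0", "static", "Internet/IPSec", AD_STATIC)
DEFAULT_OSPF = Route("0.0.0.0/0", "ospf", "T1", AD_OSPF)
DEFAULT_FLOATING = Route("0.0.0.0/0", "static", "Internet/IPSec", 200)

if __name__ == "__main__":
    print("T1 up:          ", exit_path([REMOTE_VIA_T1, DEFAULT_STATIC]))
    print("T1 down:        ", exit_path([DEFAULT_STATIC]))
    print("OSPF vs static: ", exit_path([DEFAULT_OSPF, DEFAULT_STATIC], "192.0.2.1"))
    print("floating static:", exit_path([DEFAULT_OSPF, DEFAULT_FLOATING], "192.0.2.1"))
```

When the T1 drops and the OSPF route is withdrawn, traffic for the remote LAN only ends up encrypted if it then leaves the interface carrying the crypto map and matches the crypto ACL, so both are worth checking after a failover test.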