IOS IPSec routing

Discussion in 'Cisco' started by response3, Jan 26, 2007.

  1. response3

    response3 Guest

    Hi all,

    I have a 2851 router w/ IOS Adv. Services, w/ a point to point IPSec
    VPN setup to another 2811 router. I also am planning to setup a
    point-to-point T1 setup between these same two routers. My question is
    this:

    Do IPSec VPN's use the default route for traffic? Or is there a
    'hidden' route statement built when you create a VPN?

    Assuming that typical Internet-based point to point VPN's use the
    default route, if I were to setup a GRE tunnel and run OSPF between the
    T1 routers, I would expect traffic to these sites to be routed via the
    T1, and in the event that the T1 link drops, it would be routed out via
    the default route, and thus, encrypted for VPN.

    Am I correct in this assumption? Thanks all.

    Brian
    response3, Jan 26, 2007
    #1

  2. response3

    Guest

    On 26 Jan, 22:37, "response3" <> wrote:
    > Hi all,
    >
    > I have a 2851 router w/ IOS Adv. Services, w/ a point to point IPSec
    > VPN setup to another 2811 router. I also am planning to setup a
    > point-to-point T1 setup between these same two routers. My question is
    > this:
    >
    > Do IPSec VPN's use the default route for traffic? Or is there a
    > 'hidden' route statement built when you create a VPN?

    No hidden routes. Just the same routing as always.

    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
    May assist.

    > Assuming that typical Internet-based point to point VPN's use the
    > default route, if I were to setup a GRE tunnel and run OSPF between the
    > T1 routers, I would expect traffic to these sites to be routed via the
    > T1, and in the event that the T1 link drops, it would be routed out via
    > the default route, and thus, encrypted for VPN.

    More or less.

    The router can get routes from many sources, static,
    ospf, RIP, bgp.

    The rules for selecting which route to use are complex
    but boil down to:-

    More specific routes are preferred over less specific.
    10.0.0.0 255.255.255.0 is better than
    10.0.0.0 255.0.0.0 which is better than
    0.0.0.0 0.0.0.0 - i.e. default route.

    In your scenario, the OSPF routes will be more specific
    than the default route and so will be preferred. EXCEPT
    in the case of a default route received over OSPF.

    When routes are equally specific then the "administrative
    distance" comes into play.

    The AD of OSPF is (IIRC) 120 which is LESS
    preferred than the default AD of a static route (1).

    If you did have an OSPF default route that you wanted to be
    preferred over a static route you could change your static
    route to have a high AD.

    ip route 0.0.0.0 0.0.0.0 x.x.x.x 200

    This is sometimes referred to as a "floating static route".

    Hopefully this will let you find some appropriate
    documents on CCO.

    Good luck.
    , Jan 27, 2007
    #2
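
The selection rules described in the reply above (longest prefix first, then administrative distance), worked through for the T1 up/down and floating-static cases as an added example that is not part of the thread. The prefixes, host address and path labels are constructed; the distances 1 and 110 are the IOS defaults for static and OSPF routes, and 200 is the value from the post.

```python
import ipaddress

# Constructed sample data: prefixes, host address and path labels are assumptions.
AD_STATIC, AD_OSPF, AD_FLOATING = 1, 110, 200

def route(prefix, source, ad, via):
    return {"net": ipaddress.ip_network(prefix), "source": source, "ad": ad, "via": via}

def install(candidates):
    """Build the routing table: for each prefix keep only the lowest-AD candidate."""
    rib = {}
    for r in candidates:
        best = rib.get(r["net"])
        if best is None or r["ad"] < best["ad"]:
            rib[r["net"]] = r
    return list(rib.values())

def lookup(rib, dst):
    """Forwarding decision: longest matching prefix among the installed routes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

def egress(candidates, dst):
    r = lookup(install(candidates), dst)
    return (r["source"], r["via"]) if r else None

STATIC_DEFAULT = route("0.0.0.0/0", "static", AD_STATIC, "internet")
FLOATING_DEFAULT = route("0.0.0.0/0", "static", AD_FLOATING, "internet")
OSPF_DEFAULT = route("0.0.0.0/0", "ospf", AD_OSPF, "gre-over-t1")
OSPF_REMOTE_LAN = route("10.2.0.0/24", "ospf", AD_OSPF, "gre-over-t1")
REMOTE_HOST = "10.2.0.25"

def scenarios():
    return {
        # T1 up: the OSPF /24 wins on prefix length even though its AD is higher.
        "t1_up": egress([STATIC_DEFAULT, OSPF_REMOTE_LAN], REMOTE_HOST),
        # T1 down: the OSPF route is withdrawn, so only the default route matches
        # (the path on which the original poster expects the VPN to take over).
        "t1_down": egress([STATIC_DEFAULT], REMOTE_HOST),
        # Equal prefix length: AD decides, and the ordinary static default wins.
        "ospf_default_vs_static": egress([STATIC_DEFAULT, OSPF_DEFAULT], REMOTE_HOST),
        # Floating static (AD 200): the OSPF default is installed instead.
        "ospf_default_vs_floating": egress([FLOATING_DEFAULT, OSPF_DEFAULT], REMOTE_HOST),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} -> {result}")
```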