IOS IPSec routing

Hi all,

I have a 2851 router w/ IOS Adv. Services, w/ a point-to-point IPSec VPN set up to another 2811 router. I am also planning to set up a point-to-point T1 between these same two routers. My question is this:

Do IPSec VPNs use the default route for traffic? Or is there a 'hidden' route statement built when you create a VPN?

Assuming that typical Internet-based point-to-point VPNs use the default route, if I were to set up a GRE tunnel and run OSPF between the T1 routers, I would expect traffic to these sites to be routed via the T1, and in the event that the T1 link drops, it would be routed out via the default route, and thus, encrypted for VPN.

Am I correct in this assumption? Thanks all.

Brian

response3

No hidden routes. Just the same routing as always.


More or less.

The router can get routes from many sources, static, ospf, RIP, bgp.

The rules for selecting which route to use are complex but boil down to:-

More specific routes are preferred over less specific.

10.0.0.0 255.255.255.0 is better than 10.0.0.0 255.0.0.0 which is better than 0.0.0.0 0.0.0.0 - i.e. default route.

In your scenario, the OSPF routes will be more specific than the default route and so will be preferred. EXCEPT in the case of a default route received over OSPF.

When routes are equally specific then the "administrative distance" comes into play.

The AD of OSPF is (IIRC) 120 which is LESS preferred than the default AD of a static route (1).

If you did have an OSPF default route that you wanted to be preferred over a static route you could change your static route to have a high AD.

ip route 0.0.0.0 0.0.0.0 x.x.x.x 200

This is sometimes referred to as a "floating static route".

Hopefully this will let you find some appropriate documents on CCO.

Good luck.

Bod43
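
The selection rules described in the reply above (most specific prefix first, administrative distance between equally specific routes), as an added example that is not part of either post. The prefixes, the interface labels "Tunnel0" and "Internet", and the helper names are constructed for illustration; 110 is the Cisco IOS default administrative distance for OSPF.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str   # destination network in CIDR form
    source: str   # where the route was learned: "static" or "ospf"
    ad: int       # administrative distance (lower is preferred)
    egress: str   # outgoing interface; labels here are constructed

def build_rib(candidates):
    """For each identical prefix, install only the lowest-AD candidate."""
    rib = {}
    for r in candidates:
        net = ipaddress.ip_network(r.prefix)
        if net not in rib or r.ad < rib[net].ad:
            rib[net] = r
    return rib

def lookup(rib, dst):
    """Forward on the longest matching prefix among installed routes."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    return rib[max(matches, key=lambda n: n.prefixlen)] if matches else None

# Constructed sample: remote LAN 10.2.0.0/16, reached over the T1 tunnel
# via OSPF, or over the Internet-facing interface via the static default.
STATIC_DEFAULT = Route("0.0.0.0/0", "static", 1, "Internet")
OSPF_REMOTE = Route("10.2.0.0/16", "ospf", 110, "Tunnel0")  # IOS default OSPF AD
OSPF_DEFAULT = Route("0.0.0.0/0", "ospf", 110, "Tunnel0")
FLOATING_DEFAULT = Route("0.0.0.0/0", "static", 200, "Internet")

def egress_for(candidates, dst="10.2.1.5"):
    """Return the egress interface chosen for dst, or None if no route matches."""
    route = lookup(build_rib(candidates), dst)
    return route.egress if route else None

if __name__ == "__main__":
    # T1 up: the OSPF /16 is more specific than the static default.
    print("T1 up:", egress_for([STATIC_DEFAULT, OSPF_REMOTE]))
    # T1 down: the OSPF route is withdrawn, only the default matches.
    print("T1 down:", egress_for([STATIC_DEFAULT]))
    # Two defaults: the AD 1 static beats OSPF; a floating static (AD 200) does not.
    print("OSPF default vs static:", egress_for([STATIC_DEFAULT, OSPF_DEFAULT]))
    print("OSPF default vs floating:", egress_for([FLOATING_DEFAULT, OSPF_DEFAULT]))
```

On IOS a crypto map is applied per interface, so in the "T1 down" case the traffic is encrypted only if the Internet-facing interface carries the crypto map and the crypto ACL matches the flow.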
