Domain Based VPN - Routing
m3zilla
Member Posts: 172
I'm almost embarrassed to ask, but when you're using a Domain Based VPN, do you have to define routes for the encryption domain? For example,
Gateway A
- Internal: 10.0.0.0/24 (also encryption domain)
- External: 1.1.1.1
Gateway B
- Internal: 172.16.0.0/24 (also encryption domain)
- External: 2.2.2.2
When you define a domain based VPN, do you have to add a route on each gateway, pointing the peer's encryption domain to its external IP? For instance, on Gateway A, do I need to add a route for 172.16.0.0/24, with a next hop of 2.2.2.2?
I would assume that based on the encryption domain, and the topology of the object, routing would be taken care of. However, I'm labbing up this scenario, and it would not work until I add the routes in the gateway.
In the past, I've always had a simple lab of 2 gateways as above, with a default route pointing to each other, so I've never run across this issue. At work, all our VPNs use public IPs, so routing is taken care of by BGP.
Comments
m3zilla
Member Posts: 172
Figured it out. The encryption/encapsulation process occurs after the routing decision. I knew it was something simple...
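The ordering described in the answer, as a simplified model seen from Gateway A (an added example, not part of the original thread and not vendor code). The route tables and the `lookup_route` and `forward` functions are constructed for illustration, using the addresses from the question.

```python
import ipaddress

# Values taken from the question (Gateway A's point of view).
PEER_ENC_DOMAIN = ipaddress.ip_network("172.16.0.0/24")  # Gateway B's encryption domain
PEER_EXTERNAL = "2.2.2.2"                                # Gateway B's external IP


def net(cidr):
    return ipaddress.ip_network(cidr)


def lookup_route(routes, dst):
    """Longest-prefix match. Returns the next hop, or None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(prefix, hop) for prefix, hop in routes if addr in prefix]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(routes, dst):
    """Simplified model: routing decision first, encryption-domain match second."""
    next_hop = lookup_route(routes, dst)
    if next_hop is None:
        # The packet is discarded here, so the VPN step below is never reached.
        return "dropped: no route"
    if ipaddress.ip_address(dst) in PEER_ENC_DOMAIN:
        return f"encrypted to peer {PEER_EXTERNAL} via next hop {next_hop}"
    return f"cleartext via next hop {next_hop}"


# Constructed route tables (assumptions for the illustration).
CONNECTED_ONLY = [(net("10.0.0.0/24"), "direct")]                  # lab before the fix
WITH_STATIC = CONNECTED_ONLY + [(PEER_ENC_DOMAIN, PEER_EXTERNAL)]  # route from the question
WITH_DEFAULT = CONNECTED_ONLY + [(net("0.0.0.0/0"), PEER_EXTERNAL)]  # the earlier two-gateway lab

if __name__ == "__main__":
    for name, table in [("connected only", CONNECTED_ONLY),
                        ("static route", WITH_STATIC),
                        ("default route", WITH_DEFAULT)]:
        print(f"{name:15} -> {forward(table, '172.16.0.10')}")
```

A default route satisfies the routing step just as well as the specific static route, which is why the earlier lab and the BGP-routed production VPNs never showed the problem.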