[Cialug] IPSec network routing
Kyle H
khamil8686 at gmail.com
Fri Jul 10 20:35:59 UTC 2020
I’d have to sit down and figure this out; I do have my CCNA at least. Just
wanted to say, if no one else pipes up, when I get home I could look closer
at all your routes.
On Fri, Jul 10, 2020 at 3:26 PM Mike Hughes <mike at visionary.com> wrote:
> Hi LUGers,
>
> We manage an IPSec connection between vendors over public IP space. The
> question I have is: Is it necessary to specify the route for each IP
> address, or will the firewall figure it out?
>
> Our existing tunnels, which are operational, have routes defined in the OS
> such as:
> #EEE
> 204.135.40.77 via 192.168.2.1 src 192.168.2.220
> #PPP
> 10.76.48.240 via 192.168.2.1 src 192.168.2.221
> #AAA
> 204.135.219.241 via 192.168.2.1 src 192.168.2.46
>
> The above are defined within route-device files named:
> route-enp5s0:220
> route-enp5s0:221
> route-enp5s0:46
>
> which correspond to network device definition files such as:
> ifcfg-enp5s0:220
> ifcfg-enp5s0:221
> ifcfg-enp5s0:46
>
> The routing table looks like this:
> [Cent-7:mike at myserver ~]$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.2.1     0.0.0.0         UG    100    0        0 enp5s0
> 10.76.48.240    192.168.2.1     255.255.255.255 UGH   0      0        0 enp5s0
> 192.168.2.0     0.0.0.0         255.255.255.0   U     100    0        0 enp5s0
> 234.123.45.77   192.168.2.1     255.255.255.255 UGH   0      0        0 enp5s0
> 123.123.243.241 192.168.2.1     255.255.255.255 UGH   0      0        0 enp5s0
>
> Was all this necessary? Or will the routes defined within the firewall
> take care of this?
>
> Thanks!
>
> Mike