Monday, February 25, 2013

Mystery Static Route Entries

The other night I was going through our ASA trying to figure out how to make a new VLAN I'd created available through the L2L and remote VPN connections. I did a sh route and saw that there were a bunch of static routes that pointed private IPs to the outside interface, which made no sense. I also realized, comparing the output to a backed-up config file I had, that the routes had actually changed, so the config change was recent. I was puzzled and started to look into this more closely.

What I found out, thanks to the Cisco Support Community Forums, was that L2L and Client VPN connections inject their own route into the routing table. A VPN client connected to the outside interface will be added as a static route towards the outside interface. A good thing to know. Panic averted.
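
The comparison described above can be scripted. This is an added example, not part of the original post: it lists static routes that appear in the routing table but not in the saved configuration, which is where VPN-injected routes show up. The sample output and config are constructed, and the parser assumes ASA 8.x-style `show route` lines and `route` statements that use IP addresses rather than name aliases.

```python
import re

# Constructed sample of ASA 8.x-style `show route` output (not from the post).
SHOW_ROUTE = """\
C    192.168.10.0 255.255.255.0 is directly connected, inside
S    10.20.30.0 255.255.255.0 [1/0] via 203.0.113.1, outside
S    192.168.50.11 255.255.255.255 [1/0] via 203.0.113.1, outside
S    172.16.8.0 255.255.255.0 [1/0] via 192.168.10.2, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, outside
"""

# Constructed excerpt of the backed-up configuration.
SAVED_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 172.16.8.0 255.255.255.0 192.168.10.2 1
"""

# "S" or "S*" lines: network, mask, [distance/metric], gateway, interface.
TABLE_RE = re.compile(r"^S\*?\s+(\S+)\s+(\S+)\s+\[\d+/\d+\]\s+via\s+(\S+),\s+(\S+)\s*$")
# "route <interface> <network> <mask> <gateway> [metric]" config statements.
CONFIG_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def table_statics(show_route):
    """Static routes in the live table as (interface, network, mask, gateway)."""
    routes = set()
    for line in show_route.splitlines():
        m = TABLE_RE.match(line.strip())
        if m:
            net, mask, gw, ifc = m.groups()
            routes.add((ifc, net, mask, gw))
    return routes

def config_statics(config):
    """Static routes declared in the config, in the same tuple order."""
    routes = set()
    for line in config.splitlines():
        m = CONFIG_RE.match(line.strip())
        if m:
            routes.add(m.groups())
    return routes

def unconfigured_statics(show_route, config):
    """Routes present in the table but absent from the saved config."""
    return sorted(table_statics(show_route) - config_statics(config))

if __name__ == "__main__":
    for ifc, net, mask, gw in unconfigured_statics(SHOW_ROUTE, SAVED_CONFIG):
        print(f"static route not in saved config: {net} {mask} via {gw} on {ifc}")
```

Each route it reports still needs to be matched against the currently connected L2L tunnels and VPN clients before it is treated as expected.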
