[Cialug] IPSec network routing
Mike Hughes
mike at visionary.com
Fri Jul 10 20:25:02 UTC 2020
Hi LUGers,
We manage an IPSec connection between vendors over public IP space. The question I have is: Is it necessary to specify the route for each IP address, or will the firewall figure it out?
Our existing tunnels, which are operational, have routes defined in the OS such as:
#EEE
204.135.40.77 via 192.168.2.1 src 192.168.2.220
#PPP
10.76.48.240 via 192.168.2.1 src 192.168.2.221
#AAA
204.135.219.241 via 192.168.2.1 src 192.168.2.46
The above are defined within route-device files named:
route-enp5s0:220
route-enp5s0:221
route-enp5s0:46
which correspond to network device definition files such as:
ifcfg-enp5s0:220
ifcfg-enp5s0:221
ifcfg-enp5s0:46
The routing table looks like this:
[Cent-7:mike at myserver ~]$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 enp5s0
10.76.48.240 192.168.2.1 255.255.255.255 UGH 0 0 0 enp5s0
192.168.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp5s0
234.123.45.77 192.168.2.1 255.255.255.255 UGH 0 0 0 enp5s0
123.123.243.241 192.168.2.1 255.255.255.255 UGH 0 0 0 enp5s0
Was all this necessary? Or will the routes defined within the firewall take care of this?
Thanks!
Mike
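As an added example (not from the post or the list), the following Python models the lookup the kernel performs for these peers: longest-prefix match, then the matched route's `src` hint if it has one, otherwise the interface's primary address. It also shows what happens when the per-host routes are dropped and only the default route remains. The peer and alias addresses are the ones in the post's route files; the primary address 192.168.2.10 is an assumption.

```python
import ipaddress

# Assumption: primary address of enp5s0; the default route has no `src`,
# so anything matching it is sourced from this address.
PRIMARY_ADDR = "192.168.2.10"

# Routing table modelled on the post: the default route from `route -n`
# plus the three host routes from the route-enp5s0:* files.
ROUTES = [
    # (destination, gateway, preferred source or None)
    ("0.0.0.0/0",          "192.168.2.1", None),
    ("204.135.40.77/32",   "192.168.2.1", "192.168.2.220"),  # EEE
    ("10.76.48.240/32",    "192.168.2.1", "192.168.2.221"),  # PPP
    ("204.135.219.241/32", "192.168.2.1", "192.168.2.46"),   # AAA
]

# Constructed: which local alias each vendor tunnel is defined against.
EXPECTED = {
    "204.135.40.77":   "192.168.2.220",
    "10.76.48.240":    "192.168.2.221",
    "204.135.219.241": "192.168.2.46",
}


def lookup(dst, routes=ROUTES, primary=PRIMARY_ADDR):
    """Longest-prefix match; returns (matched prefix, gateway, source address)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, src in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, src)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, gw, src = best
    return str(net), gw, src or primary


def check_peers(expected, routes=ROUTES, primary=PRIMARY_ADDR):
    """Return {peer: selected source} for peers not sourced from their tunnel alias."""
    mismatches = {}
    for peer, want_src in expected.items():
        _, _, got_src = lookup(peer, routes, primary)
        if got_src != want_src:
            mismatches[peer] = got_src
    return mismatches


if __name__ == "__main__":
    print(check_peers(EXPECTED))                     # {} : every peer uses its alias
    default_only = [r for r in ROUTES if r[2] is None]
    print(check_peers(EXPECTED, default_only))       # all three fall back to PRIMARY_ADDR
```

The mismatch the second call reports is the practical point: IPsec policies match on the source address the kernel selects, so a peer that falls through to the default route is sourced from the primary address rather than the alias the tunnel was defined for.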