Tip

This is the documentation for the 19.02 version.

IPsec Routes

The IPsec interface allows the peers to talk directly, but in most cases with IPsec there is more interesting traffic to handle, such as a larger subnet on the LAN side of each peer that must communicate securely.

tnsr(config)# route ipv4 table ipv4-VRF:0
tnsr(config-rt-table-v4)# route 10.25.0.0/16
tnsr(config-rt4-next-hop)# next-hop 0 via 172.32.0.2 ipsec0
tnsr(config-rt4-next-hop)# exit
tnsr(config-rt-table-v4)# exit
tnsr(config)# exit

In this example, a route is added to the main IPv4 routing table for a subnet located behind the peer. Any traffic trying to reach a host inside the 10.25.0.0/16 subnet is routed through the ipsec0 interface, using the peer’s address on the IPsec interface (172.32.0.2) as the next hop.
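
The following is an added example, not part of the TNSR documentation or software. It models the longest-prefix-match lookup for the route above and checks that no other route would carry part of the protected subnet outside the tunnel. The connected 172.32.0.0/30 subnet on ipsec0, the default route via a `WAN` interface at 203.0.113.1, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed table: only the 10.25.0.0/16 entry is from the page. The
# connected /30 on ipsec0 and the default route via "WAN" are assumptions.
ROUTES = [
    ("10.25.0.0/16", "172.32.0.2", "ipsec0"),
    ("172.32.0.0/30", None, "ipsec0"),       # assumed connected tunnel subnet
    ("0.0.0.0/0", "203.0.113.1", "WAN"),     # assumed default route
]

def build_table(routes):
    """Parse (prefix, next_hop, interface) strings into ipaddress objects."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(nh) if nh else None, ifc)
            for p, nh, ifc in routes]

def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop, interface) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def next_hop_on_link(table, next_hop, interface):
    """True if a connected route on `interface` covers the next-hop address."""
    nh = ipaddress.ip_address(next_hop)
    return any(gw is None and ifc == interface and nh in net for net, gw, ifc in table)

def routes_bypassing_tunnel(table, protected, tunnel_if):
    """Prefixes that would carry part of `protected` out a non-tunnel interface."""
    protected = ipaddress.ip_network(protected)
    # More-specific routes inside the protected prefix always win the lookup.
    winners = [r for r in table if r[0] != protected and r[0].subnet_of(protected)]
    # The longest route covering the whole prefix handles everything else.
    covering = [r for r in table if protected.subnet_of(r[0])]
    if covering:
        winners.append(max(covering, key=lambda r: r[0].prefixlen))
    return [str(r[0]) for r in winners if r[2] != tunnel_if]

if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("10.25.3.7", "10.26.0.1"):
        prefix, gw, ifc = lookup(table, dst)
        print(f"{dst} -> {prefix} via {gw} on {ifc}")
    print("next hop on-link:", next_hop_on_link(table, "172.32.0.2", "ipsec0"))
    print("bypassing routes:", routes_bypassing_tunnel(table, "10.25.0.0/16", "ipsec0"))
```

An empty result from `routes_bypassing_tunnel` means every address in the protected subnet resolves to ipsec0. If the 10.25.0.0/16 route is missing, the assumed default route is reported instead, which is the case where LAN-to-LAN traffic would leave unencrypted.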