cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Semi_Ara
Iron

How to overcome on directly connected route

Hi,

I have an appliance with version R80.10 and jumbo fix 70. 

There is a VPN tunnel with VTI to another site and there is a network (1.1.1.0/24) behind the gateway which also exist on the other site. 

I would like to route the traffic to 1.1.1.0/24 network trough the VTI to the remote site and in case the VPN fails the directly connected route will take place.

I tried to configure static routes, policy base routes, etc. on the appliance, but the directly connected route will always override the other routes.

Did someone do something like that?

Thanks

5 Replies
Admin
Admin

Re: How to overcome on directly connected route

Interface routes are kernel routes, which have a priority of zero.

They will always have priority over routes configured statically or with dynamic routing protocols.

Semi_Ara
Iron

Re: How to overcome on directly connected route

There is way to change the protocol rank value, but it does not allow to change for kernel routes. Is there a particular reason why? How other vendors do that?

0 Kudos
Admin
Admin

Re: How to overcome on directly connected route

I can't speak for how other vendors do it.

That said, there are always going to be issues when you have address space both locally and on the other end of the VPN.

Adding an extra hop between the local version of 1.1.1.0/24 and your gateway will make this a lot easier to resolve. 

0 Kudos
Semi_Ara
Iron

Re: How to overcome on directly connected route

I will check if adding additional hop if possible.

thanks

0 Kudos

Re: How to overcome on directly connected route

The way to solve this is by setting up 2 more specific routes, one for 1.1.1.0/25 and one for 1.1.1.128/25

Regards, Maarten