Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Semi_Ara
Participant

How to overcome on directly connected route

Hi,

I have an appliance with version R80.10 and jumbo fix 70. 

There is a VPN tunnel with VTI to another site and there is a network (1.1.1.0/24) behind the gateway which also exist on the other site. 

I would like to route the traffic to 1.1.1.0/24 network trough the VTI to the remote site and in case the VPN fails the directly connected route will take place.

I tried to configure static routes, policy base routes, etc. on the appliance, but the directly connected route will always override the other routes.

Did someone do something like that?

Thanks

5 Replies
PhoneBoy
Admin
Admin

Interface routes are kernel routes, which have a priority of zero.

They will always have priority over routes configured statically or with dynamic routing protocols.

Semi_Ara
Participant

There is way to change the protocol rank value, but it does not allow to change for kernel routes. Is there a particular reason why? How other vendors do that?

0 Kudos
PhoneBoy
Admin
Admin

I can't speak for how other vendors do it.

That said, there are always going to be issues when you have address space both locally and on the other end of the VPN.

Adding an extra hop between the local version of 1.1.1.0/24 and your gateway will make this a lot easier to resolve. 

0 Kudos
Semi_Ara
Participant

I will check if adding additional hop if possible.

thanks

0 Kudos
Maarten_Sjouw
Champion
Champion

The way to solve this is by setting up 2 more specific routes, one for 1.1.1.0/25 and one for 1.1.1.128/25

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events