> no, you just need a route to the destination, this is a known

a route to the destination of the tunnel...(that overlaps with the encap route...)...

> bug and there's no simple fix. however, just create a network
> route for the peer that points back to the sender. this way

...or a route to the isakmpd peer? because technically one gets added to the route table by ARP:

192.168.1.50 0:11:43:e8:2b:c6 UHLc 0 679672 - vlan30

...this of course would differ if there were multiple hops between the isakmpd peers.

~BAS

> you avoid sending out unencrypted traffic if the ipsec tunnels
> are down.
>
> -m