IPSec Route-Based VPN – Understanding st0 Interface

Tags: ipsec, juniper, juniper-srx, vpn

As far as I know, the st0 interface is used when the gateways are configured with a route-based VPN.

But my question is, say below is the topology

A<—->B<—->C<—->D

A and D are hosts, B and C are the routers/gateways.

Now, if we want to reach D from A, we can directly have a route from B with the next hop being C.

The same is being done when using st0. st0 is configured on B and C and when A has to reach D, the next hop for B will be st0. And the same is when D has to reach A, the next hop will be st0 for C.

So, can't we just have their gateway IP address added as the next hop instead of mapping them to st0?
Aren't we doing the same thing?

If not, can anyone please help me understand it better.

Best Answer

Traffic will still flow between A and D if you set the next hop to B's or C's address instead of st0.0 (assuming there are no NAT or security policy issues); however, you will no longer be routing through the tunnel interface and encrypting the traffic.

Usually, when using an IPsec tunnel, the link between B and C will be more hops and/or controlled by a third party, so you will route via the tunnel.
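To make the difference concrete, here is an added Junos configuration example for gateway B (not from the question or answer above, and not a Juniper reference config). It assumes a constructed topology: A sits in 192.168.1.0/24 behind B, D sits in 192.168.2.0/24 behind C, B's WAN interface is ge-0/0/0.0 with 203.0.113.1, C's WAN address is 203.0.113.2, and the st0 link uses 10.255.0.0/30. The names (gw-C, vpn-to-C, ike-pol, ipsec-pol, zone vpn) and the pre-shared key are placeholders.

```junos
## --- The "just use C's IP as next hop" approach (plain routing, no encryption) ---
## Packets from A to D leave ge-0/0/0.0 in cleartext; every hop between B and C can read them.
set routing-options static route 192.168.2.0/24 next-hop 203.0.113.2

## --- Route-based VPN: the same route, but via st0.0 ---
## 1. The tunnel interface. Its address only matters for B and C; it never appears on the wire.
set interfaces st0 unit 0 family inet address 10.255.0.1/30
set security zones security-zone vpn interfaces st0.0

## 2. IKE: who we negotiate keys with and where the tunnel terminates.
set security ike policy ike-pol mode main
set security ike policy ike-pol proposal-set standard
set security ike policy ike-pol pre-shared-key ascii-text "REPLACE-WITH-A-STRONG-SHARED-SECRET"
set security ike gateway gw-C ike-policy ike-pol
set security ike gateway gw-C address 203.0.113.2
set security ike gateway gw-C external-interface ge-0/0/0.0

## 3. IPsec: the SA, bound to st0.0. This binding is what turns "next-hop st0.0" into "encrypt".
set security ipsec policy ipsec-pol proposal-set standard
set security ipsec vpn vpn-to-C bind-interface st0.0
set security ipsec vpn vpn-to-C ike gateway gw-C
set security ipsec vpn vpn-to-C ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-to-C establish-tunnels immediately

## 4. The route. Same destination as above, but the next hop is the tunnel interface.
##    Only one of the two static routes should exist; the st0.0 one replaces the cleartext one.
delete routing-options static route 192.168.2.0/24 next-hop 203.0.113.2
set routing-options static route 192.168.2.0/24 next-hop st0.0

## 5. A security policy from trust to vpn is still required for the traffic to be permitted;
##    the example assumes 192.168.1.0/24 is in zone "trust".
set security policies from-zone trust to-zone vpn policy a-to-d match source-address any
set security policies from-zone trust to-zone vpn policy a-to-d match destination-address any
set security policies from-zone trust to-zone vpn policy a-to-d match application any
set security policies from-zone trust to-zone vpn policy a-to-d then permit
```

Checks a practitioner would run after committing: `show route 192.168.2.0/24` should list st0.0 as the next hop rather than 203.0.113.2; `show security ike security-associations` and `show security ipsec security-associations` should show the tunnel to 203.0.113.2 as up; and `show security ipsec statistics` should show the encrypted-packet counters increasing while A sends traffic to D. If the route still points at 203.0.113.2, the tunnel can be up and yet carry nothing, which is exactly the situation the answer describes: traffic flows, but in the clear. C needs the mirror-image configuration (st0.0 address 10.255.0.2/30, gateway address 203.0.113.1, static route for 192.168.1.0/24 via st0.0).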