Network A 10.110.15.0/24 Firewall is .1 Host A is .2
Network B 10.110.16.0/24 Firewall is .1 Host B is .2
Two Cisco ASAs. IPSec tunnel with a crypto map that secures 10.110.15.0/24 <-> 10.110.16.0/24.
Let's say two hosts, 10.110.15.2 and 10.110.16.2 need to talk to each other. Normally I have to enter a persistent static route on each host along the lines of:
route add 10.110.16.0 mask 255.255.255.0 10.110.15.1 metric 1 -p (on the "A" box)
I also have to enter another persistent static route on the .16 host in order for the traffic to know how to get back to the .15 network. Note that the default for each machine IS the firewall, so .1.
I have no problem adding persistent routes on Windows/ESX/*nux machines, but what about a smart switch in the .16 network that I want to manage from the .15 network?
Do I need to run a routing protocol? Do I need to have Reverse Route Injection enabled on both ends of the IPSec tunnel? Should I add a route on the firewall? If so, how do you formulate it? Does it get a metric of 1 and my default route 0.0.0.0 get a metric of 2?
If the default gateways on Hosts A and B are their respective firewall boxes (.1) then it should already be working.
All you're doing by adding those static routes is to tell the host to direct traffic for that subnet to the firewall - which it should already be doing if the default gateway is set correctly.
Also, are you sure the subnet mask is set correctly on hosts A & B? If you had it as 255.255.0.0 that would create the symptoms you describe.
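As an added example (not part of the question or the answer above), the following Python models a host's forwarding decision with longest-prefix match over its connected subnet, any persistent static routes, and the default gateway. It uses the addresses from the thread; the function names, the scenario labels and the assumption that the ASA is the only gateway on each subnet are mine. It shows why the static route is redundant with a correct /24 mask, and why a /16 mask makes the host ARP for the remote peer instead of sending to the firewall, unless a more specific static route is added on top.

```python
from ipaddress import ip_address, ip_interface, ip_network


def next_hop(host_iface, default_gw, dest, static_routes=()):
    """Decide how a host forwards a packet to ``dest``.

    host_iface    -- the host's address with its mask, e.g. "10.110.15.2/24"
    default_gw    -- the host's default gateway
    dest          -- destination IP address
    static_routes -- iterable of (prefix, gateway) pairs (persistent routes)

    Returns ("on-link", None) when the most specific matching route is the
    connected subnet (the host ARPs for the destination itself and the
    firewall never sees the packet), ("static", gw) when a static route wins
    by longest prefix match, or ("default", gw) when nothing more specific
    matches and the default gateway is used.
    """
    iface = ip_interface(host_iface)
    dst = ip_address(dest)

    # The connected route carries no gateway; static routes carry one.
    routes = [(iface.network, None)]
    routes += [(ip_network(prefix), gw) for prefix, gw in static_routes]

    best = None
    for net, gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)

    if best is None:
        return ("default", default_gw)
    if best[1] is None:
        return ("on-link", None)
    return ("static", best[1])


def scenarios():
    """Constructed scenarios using the addressing from the thread."""
    fw_a, fw_b = "10.110.15.1", "10.110.16.1"
    host_a, host_b = "10.110.15.2", "10.110.16.2"
    to_b = [("10.110.16.0/24", fw_a)]  # the persistent route from the question
    return {
        # Correct /24 mask, no static route: the default gateway already does it.
        "A->B /24, no static route": next_hop(f"{host_a}/24", fw_a, host_b),
        # Adding the persistent route picks the same gateway, so it changes nothing.
        "A->B /24, with static route": next_hop(f"{host_a}/24", fw_a, host_b, to_b),
        # Return path from B is symmetric.
        "B->A /24, no static route": next_hop(f"{host_b}/24", fw_b, host_a),
        # Wrong /16 mask: B looks on-link, so A ARPs for it and the tunnel is never used.
        "A->B /16, no static route": next_hop(f"{host_a}/16", fw_a, host_b),
        # Wrong /16 mask plus a /24 static route: the more specific route wins,
        # which is why a static route can appear to "fix" a bad mask.
        "A->B /16, with static route": next_hop(f"{host_a}/16", fw_a, host_b, to_b),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Run it and compare the first two rows: both resolve to 10.110.15.1, which is the answer's point that the static route only repeats what the default gateway already does. The last two rows reproduce the mask problem the answer suggests checking.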