Cisco ASA Site-to-Site IKEv2 IPSEC VPN

Hello Hong

In this particular case, the ASAs are directly connected. The next hop is actually the other ASA. But even if there were other routers in between the two ASAs, the command would still be the same. Why? Because we are telling the local ASA specifically how to reach the subnet behind the remote ASA. It is assumed that the ASA, if connected to the internet, would already have a default route to the ISP router. However, we want this destination network to be sent directly to the outside interface of the remote ASA.

This might sound a little bit strange, configuring a static route with a destination IP address that is not directly connected. But this is acceptable. What will happen in this case is recursive routing.

If you have a router in bridge mode I assume you mean that it is passing traffic at layer 2, and not performing routing or any other layer 3 function. If this is the case, then there shouldn’t be any problems with such a setup. Just make sure that the outside interface of the ASA still has a routable (non-private) IP address and it is reachable from the other ASA. Also ensure that the router is passing through IPSec traffic (no filtering should take place).

These are just general guidelines based on the information you shared. There may be more parameters involved that may affect the operation of an IPSec VPN, so it all depends on the specifics of the setup. Let us know how you get along, and if we can be of further assistance.

I hope this has been helpful!

Laz
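The recursive lookup described above, as an added example that is not part of the post or of any Cisco code: a small Python model of how a static route whose next hop is not on a connected segment is resolved again through the default route. The interface names and documentation-range addresses are constructed, and the model simplifies the ASA's real routing table lookup.

```python
import ipaddress

def longest_match(dst, connected, static_routes):
    """Longest-prefix match of dst over connected networks and static routes.
    Returns (iface, network, next_hop); next_hop is None for connected nets."""
    best = None
    candidates = [(i, n, None) for i, n in connected.items()] + list(static_routes)
    for iface, net, nh in candidates:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net, None if nh is None else ipaddress.ip_address(nh))
    return best

def resolve(dst, connected, static_routes, max_depth=8):
    """Resolve dst to (egress_iface, on_link_gateway, chain). When a static
    route's next hop is not on a connected segment, look the next hop up
    again (recursive routing); chain records every route consulted."""
    dst = ipaddress.ip_address(dst)
    chain = []
    for _ in range(max_depth):
        match = longest_match(dst, connected, static_routes)
        if match is None:
            raise LookupError(f"no route to {dst}")
        iface, net, nh = match
        chain.append(f"{net} via {iface if nh is None else nh}")
        if nh is None:                                   # destination is on-link
            return iface, None, chain
        if nh in ipaddress.ip_network(connected[iface]):  # next hop is on-link
            return iface, str(nh), chain
        dst = nh                                         # next hop needs its own route
    raise LookupError("route recursion too deep (next-hop loop?)")

# Constructed topology modelled on the post: a default route to the ISP
# router plus a static route for the subnet behind the remote ASA whose next
# hop is the remote ASA's outside address (hypothetical addresses).
CONNECTED = {"outside": "203.0.113.0/24", "inside": "10.1.1.0/24"}
STATIC = [
    ("outside", "0.0.0.0/0", "203.0.113.1"),      # route outside 0 0 203.0.113.1
    ("outside", "10.2.2.0/24", "198.51.100.10"),  # route outside 10.2.2.0 255.255.255.0 198.51.100.10
]

if __name__ == "__main__":
    print(resolve("10.2.2.50", CONNECTED, STATIC))
```

With the ASAs directly connected, as in the post, the second lookup never happens because the remote ASA's outside address is already on the local outside segment.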