Hi Brandon My question is when do we use "reverse route" and "set reverse-route"?
With regards Kings On Tue, Apr 6, 2010 at 8:44 PM, Brandon Carroll <[email protected]>wrote: > Kings, > > Looks to me like you have it down. As for you last question, which one > produces the result you are looking for? Ultimately you are going to get a > static route introduced to your routing table. You can then take that > static route and redistribute it into any routing protocol you are running. > I guess I'm not sure what you are asking? > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > On Apr 6, 2010, at 1:23 AM, Kingsley Charles wrote: > > > Hi all > > > > With IOS IPSec, we have two cmds for reverse route injection: > > > > router2(config-crypto-map)#set reverse-route ? > > distance Distance metric for this static route > > tag Create route and tag it > > > > > > router2(config-crypto-map)#reverse-route ? > > remote-peer Create route in route table for remote tunnel endpoint > > static Create routes based on static ACLs permanently > > > > > > My understanding > > > > For static site to site VPN, we should use "reverse-route" This will add > a static route to remote site address in the interesting traffic acl. > > The "static" keyword will add the route permanently. Else the route will > be removed when the tunnel is torn off. > > > > For EzVPN server, we should add "set reverse-route". For VTI based EzVPN > server, it should added under IPSec profile. > > > > > > > > For dynamic vpns configured using dynamic crypto maps (given below), > should we use "reverse-route" or "set reverse-route"? > > > > crypto dynamic-map dynmap 1 > > set transform-set tran > > match address 123 > > > > The IOS is inconsistent in it's behavior and hence I am not able to > confirm the behaviour. > > > > > > > > With regards > > Kings > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
