Hi kings,
If i remember correctly you use the set reverse-route to only inject
the static route when the tunnel is up.
That could be ezvpn, ra clients, but also site-2-sites that are dialin
only.
You use the
Reverse-route static
On two-way site-to-sites where you permanently want to inject the
static route.
Hth
Pj
Sent from an iPhone
Op 6 apr 2010 om 18:58 heeft Kingsley Charles <[email protected]
> het volgende geschreven:\
Hi Brandon
My question is when do we use "reverse route" and "set reverse-route"?
With regards
Kings
On Tue, Apr 6, 2010 at 8:44 PM, Brandon Carroll
<[email protected]> wrote:
Kings,
Looks to me like you have it down. As for you last question, which
one produces the result you are looking for? Ultimately you are
going to get a static route introduced to your routing table. You
can then take that static route and redistribute it into any routing
protocol you are running. I guess I'm not sure what you are asking?
Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on
Demand, Audio Tools, Online Hardware Rental and Classroom Training
for the Cisco CCIE (R&S, Voice, Security & Service Provider)
certification(s) with training locations throughout the United
States, Europe, South Asia and Australia. Be sure to visit our
online communities at www.ipexpert.com/communities and our public
website at www.ipexpert.com
On Apr 6, 2010, at 1:23 AM, Kingsley Charles wrote:
> Hi all
>
> With IOS IPSec, we have two cmds for reverse route injection:
>
> router2(config-crypto-map)#set reverse-route ?
> distance Distance metric for this static route
> tag Create route and tag it
>
>
> router2(config-crypto-map)#reverse-route ?
> remote-peer Create route in route table for remote tunnel
endpoint
> static Create routes based on static ACLs permanently
>
>
> My understanding
>
> For static site to site VPN, we should use "reverse-route" This
will add a static route to remote site address in the interesting
traffic acl.
> The "static" keyword will add the route permanently. Else the
route will be removed when the tunnel is torn off.
>
> For EzVPN server, we should add "set reverse-route". For VTI based
EzVPN server, it should added under IPSec profile.
>
>
>
> For dynamic vpns configured using dynamic crypto maps (given
below), should we use "reverse-route" or "set reverse-route"?
>
> crypto dynamic-map dynmap 1
> set transform-set tran
> match address 123
>
> The IOS is inconsistent in it's behavior and hence I am not able
to confirm the behaviour.
>
>
>
> With regards
> Kings
> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
