Hi Pieter

With site to site vpn, if you use "reverse route" without the "static" keyword, then the routes are installed only when the tunnel is up and removed when the tunnel is torn.

With regards
Kings

On Tue, Apr 6, 2010 at 11:18 PM, Pieter-Jan Nefkens <[email protected]> wrote:

> Hi kings,
>
> If I remember correctly you use the set reverse-route to only inject the
> static route when the tunnel is up.
>
> That could be ezvpn, ra clients, but also site-2-sites that are dialin
> only.
>
> You use the
> Reverse-route static
> On two-way site-to-sites where you permanently want to inject the static
> route.
>
> Hth
> Pj
>
> Sent from an iPhone
>
> On 6 Apr 2010 at 18:58, Kingsley Charles <[email protected]> wrote:
>
> Hi Brandon
>
> My question is when do we use "reverse route" and "set reverse-route"?
>
> With regards
> Kings
>
> On Tue, Apr 6, 2010 at 8:44 PM, Brandon Carroll <[email protected]> wrote:
>
>> Kings,
>>
>> Looks to me like you have it down. As for your last question, which one
>> produces the result you are looking for? Ultimately you are going to get a
>> static route introduced to your routing table. You can then take that
>> static route and redistribute it into any routing protocol you are running.
>> I guess I'm not sure what you are asking?
>>
>> Regards,
>>
>> Brandon Carroll - CCIE #23837
>> Senior Technical Instructor - IPexpert
>> Mailto: [email protected]
>> Telephone: +1.810.326.1444
>> Live Assistance, Please visit: www.ipexpert.com/chat
>> eFax: +1.810.454.0130
>>
>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
>> training locations throughout the United States, Europe, South Asia and
>> Australia. Be sure to visit our online communities at
>> www.ipexpert.com/communities and our public website at www.ipexpert.com
>>
>> On Apr 6, 2010, at 1:23 AM, Kingsley Charles wrote:
>>
>> > Hi all
>> >
>> > With IOS IPSec, we have two cmds for reverse route injection:
>> >
>> > router2(config-crypto-map)#set reverse-route ?
>> >   distance  Distance metric for this static route
>> >   tag       Create route and tag it
>> >
>> > router2(config-crypto-map)#reverse-route ?
>> >   remote-peer  Create route in route table for remote tunnel endpoint
>> >   static       Create routes based on static ACLs permanently
>> >
>> > My understanding
>> >
>> > For static site to site VPN, we should use "reverse-route". This will add
>> > a static route to remote site address in the interesting traffic acl.
>> > The "static" keyword will add the route permanently. Else the route will
>> > be removed when the tunnel is torn off.
>> >
>> > For EzVPN server, we should add "set reverse-route". For VTI based EzVPN
>> > server, it should be added under IPSec profile.
>> >
>> > For dynamic vpns configured using dynamic crypto maps (given below),
>> > should we use "reverse-route" or "set reverse-route"?
>> >
>> > crypto dynamic-map dynmap 1
>> >  set transform-set tran
>> >  match address 123
>> >
>> > The IOS is inconsistent in its behavior and hence I am not able to
>> > confirm the behaviour.
>> >
>> > With regards
>> > Kings
>> > _______________________________________________
>> > For more information regarding industry leading CCIE Lab training,
>> > please visit www.ipexpert.com
>>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
