Hi kings,
Just googled a bit more on RRI. The reverse-route is used before 12.4
(15)T.
The set reverse-route has then been introduced so you can set it on
vti, but also set a different administrative distance than 1 (default
for static):
http://www.ciscosystems.biz/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html
Hth
PJ
Sent from an iPhone
Op 6 apr 2010 om 19:52 heeft Kingsley Charles <[email protected]
> het volgende geschreven:\
Hi Pieter
With site to site vpn, if you use "reverse route" without
"static"is keyword, then the routes are installed only when the
tunnel up and removed when the tunnel is torn.
With regards
Kings
On Tue, Apr 6, 2010 at 11:18 PM, Pieter-Jan Nefkens <[email protected]
> wrote:
Hi kings,
If i remember correctly you use the set reverse-route to only inject
the static route when the tunnel is up.
That could be ezvpn, ra clients, but also site-2-sites that are
dialin only.
You use the
Reverse-route static
On two-way site-to-sites where you permanently want to inject the
static route.
Hth
Pj
Sent from an iPhone
Op 6 apr 2010 om 18:58 heeft Kingsley Charles <[email protected]
> het volgende geschreven:\
Hi Brandon
My question is when do we use "reverse route" and "set reverse-
route"?
With regards
Kings
On Tue, Apr 6, 2010 at 8:44 PM, Brandon Carroll <[email protected]
> wrote:
Kings,
Looks to me like you have it down. As for you last question, which
one produces the result you are looking for? Ultimately you are
going to get a static route introduced to your routing table. You
can then take that static route and redistribute it into any
routing protocol you are running. I guess I'm not sure what you
are asking?
Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on
Demand, Audio Tools, Online Hardware Rental and Classroom Training
for the Cisco CCIE (R&S, Voice, Security & Service Provider)
certification(s) with training locations throughout the United
States, Europe, South Asia and Australia. Be sure to visit our
online communities at www.ipexpert.com/communities and our public
website at www.ipexpert.com
On Apr 6, 2010, at 1:23 AM, Kingsley Charles wrote:
> Hi all
>
> With IOS IPSec, we have two cmds for reverse route injection:
>
> router2(config-crypto-map)#set reverse-route ?
> distance Distance metric for this static route
> tag Create route and tag it
>
>
> router2(config-crypto-map)#reverse-route ?
> remote-peer Create route in route table for remote tunnel
endpoint
> static Create routes based on static ACLs permanently
>
>
> My understanding
>
> For static site to site VPN, we should use "reverse-route" This
will add a static route to remote site address in the interesting
traffic acl.
> The "static" keyword will add the route permanently. Else the
route will be removed when the tunnel is torn off.
>
> For EzVPN server, we should add "set reverse-route". For VTI
based EzVPN server, it should added under IPSec profile.
>
>
>
> For dynamic vpns configured using dynamic crypto maps (given
below), should we use "reverse-route" or "set reverse-route"?
>
> crypto dynamic-map dynmap 1
> set transform-set tran
> match address 123
>
> The IOS is inconsistent in it's behavior and hence I am not able
to confirm the behaviour.
>
>
>
> With regards
> Kings
> _______________________________________________
> For more information regarding industry leading CCIE Lab
training, please visit www.ipexpert.com
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
