Hi Marta, That makes sense. I thought I had routing to 10.1.1.0/24, but now I'm second guessing that I did. Thanks for the great feedback!
Jason On Mon, Oct 8, 2012 at 12:59 AM, Marta Sokolowska < [email protected]> wrote: > Static RRI on R9 in this lab is needed, because R9 doesn't have neither a > default route nor a specific route to 10.1.1.0/24 network. Without static > RRI, VPN will never be triggered from the VLAN49 side, because R9 doesn't > know how to get to 10.1.1.0/24 network (using which interface) and > traffic from VLAN49 will never go out through Fa0/1 of R9 (where you have > your crypto map). > > If you configure "reverse-route static", you will have static route in the > routing table of R9: > > MSO-R9#sh ip route static > 10.0.0.0/24 is subnetted, 2 subnets > S 10.1.1.0 [1/0] via 19.1.1.1 > > Of course, although it is shown as "static", it wasn't configured with "ip > route" command, like normal static routes :-) The advantage over normal RRI > is the presence of that kind of "static" route regardless of the state of > VPN tunnel (whether the tunnel is up or down), so the traffic can be > initiated also from the VLAN49 side. > > Marta Sokolowska. > > > 2012/10/8 Jason Madsen <[email protected]> > > Hi Group, >> >> Can anyone clarify how Reverse Route Static is needed for this task? It >> is needed, but I'm not sure I get the details why. Typically when I look >> for a Reverse Route need, I look for instances where dynamic routing >> redistribution is needed. However, for this task I couldn't pass traffic >> through the VPN with R9, which was actually terminating the VPN. I also >> tried from Cat4, which was connected directly behind it with a default >> route pointed to R9. >> >> Thanks, >> Jason >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
