ASA creates RRI routes even from deny crypto map ACLs
Has anybody seen the same? The ASA creates RRI routes even for deny statements of the crypto map ACL. :-) So if you have a s2s VPN tunnel and you want some traffic not to be sent over the tunnel you make deny statements within the crypto map ACL. But those deny statements create also static routes in the routing table.
So my ASA is attracting traffic with RRI which I explicitly do not want to have at the ASA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...