Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

General RRI

Just to clarify...

RRI is used on the VPN 3000 to advertise networks to internal routers that are connected to 3002 hardware clients in NEM.

Clients behind and not behind a 3002 are advertiesed to the private network (private int on 3000). 3002 not in NEM are treated as clients.

Routes on the concentrator are added to the 3002 if OSPF is used.

Is this right?


Re: General RRI

If reverse route injection is turned on for clients then it only learns routes over the tunnel and

injects them it will not inject the WAN routes, here is an explanation:

The VPN Concentrator can automatically add static routes to the routing table and announce these

routes to its private network or border routers using OSPF or RIP. This feature is called reverse

route injection (RRI). The RRI options that you can configure vary with the type of connection:

Remote software clients or VPN 3002 Hardware Clients using Client (PAT) mode:

For individual remote clients, enable the Client Reverse Route Injection option.

For a group of remote clients, enter an address pool in the Address Pool Hold Down Routes field.

Remote VPN 3002 Hardware Clients using Network Extension Mode (NEM): enable the Network Extension

Reverse Route Injection option.

LAN-to-LAN connections: see the Routing option on the Configuration | System | Tunneling Protocols |

IPSec LAN-to-LAN | Add or Modify screen.

To add routes to the routing table of the VPN Concentrator without advertising them to the private

network, disable routing on the private interface.

To advertise the routes, enable OSPF or RIP on the VPN Concentrator's private interface. (See the

Configuration | Interfaces | Ethernet 1 2 3 screen, RIP or OSPF tabs.)

Here is how you configure RRI:

Community Member

Re: General RRI

Does anyone know what kind of protocol does the RRI use ???

My testing result here is it uses some kind of RIP routing protocol. The route table on the Concentrator shows that it learned the VPN3002 (NEM mode) route through RIP.

Anyone can confirm this fact ??

Best Regards,


CreatePlease to create content