Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

RRI whats it supported on and how does it work.


I've been trying to come up with different solutions for VPN backups to T1 connections. I originally would like to use VTI connections for a client but we need to look into other options since we won't be able to upgrade all of our equipment to support VTI tunnels.

This leads me to RRI reverse route injection which I'm trying to figure out how it works. I've done a little reading and searching for docs but haven't been the most successful in answering my own questions.

If someone has experience with RRI please let me know what kind of situation you used it in and what equipment you used it on.




Re: RRI whats it supported on and how does it work.

Whenever an IPSec SA is installed, the prefixes which are to encrypted are routed automatically to the tunnel peer ( a static route is injected to the routing table). When the tunnel terminates, the route is removed from the routing table.

RRI can be used where a spoke needs to form reduntant tunnels to 2 routers(using DPD) where the hub routes inject routes dynamically into internal IGP so that the network knows where the tunnel is terminating. Say, IPSec could terminate in New York and the next time it may terminate in DC and the enterprise IGP has to route accordingly. I have seen it working well on the 1700 and not so well on the VPNSM with 7600.

CreatePlease login to create content