I've been trying to come up with different solutions for VPN backups to T1 connections. I originally would like to use VTI connections for a client but we need to look into other options since we won't be able to upgrade all of our equipment to support VTI tunnels.
This leads me to RRI reverse route injection which I'm trying to figure out how it works. I've done a little reading and searching for docs but haven't been the most successful in answering my own questions.
If someone has experience with RRI please let me know what kind of situation you used it in and what equipment you used it on.
Re: RRI whats it supported on and how does it work.
Whenever an IPSec SA is installed, the prefixes which are to encrypted are routed automatically to the tunnel peer ( a static route is injected to the routing table). When the tunnel terminates, the route is removed from the routing table.
RRI can be used where a spoke needs to form reduntant tunnels to 2 routers(using DPD) where the hub routes inject routes dynamically into internal IGP so that the network knows where the tunnel is terminating. Say, IPSec could terminate in New York and the next time it may terminate in DC and the enterprise IGP has to route accordingly. I have seen it working well on the 1700 and not so well on the VPNSM with 7600.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :