cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
566
Views
0
Helpful
3
Replies

Dynamic Reverse Route Injection? - concentrator 3005

whaidar78
Level 1
Level 1

I would like to advertise routes in OSPF only for LAN-LAN tunnels that are established.

If i enable reverse route injection however it seems to advertise the network regardless of whether the tunnel is up or down.

Is there any option to only advertise routes if a LAN-LAN tunnel is established

any ideas?

3 Replies 3

attrgautam
Level 5
Level 5

If iam right , that would happen only with dynamic IPsec tunnels and not static IPSec.

I respectfully disagree. Please check out

Reverse Route Injection

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/iprout.htm#wp1114390

Reverse Route Injection

The VPN Concentrator can automatically add static routes to the routing table and announce these routes to its private network or border routers using OSPF or RIP. This feature is called reverse route injection (RRI). The RRI options that you can configure vary with the type of connection:

?Remote software clients or VPN 3002 Hardware Clients using Client (PAT) mode:

?For individual remote clients, enable the Client Reverse Route Injection option.

?For a group of remote clients, enter an address pool in the Address Pool Hold Down Routes field.

?Remote VPN 3002 Hardware Clients using Network Extension Mode (NEM): enable the Network Extension Reverse Route Injection option.

?LAN-to-LAN connections: see the Routing option on the Tunneling and Security | IPSec | LAN-to-LAN | Add or Modify screen.

HTH

I should have mentioned that this is for LAN-LAN Tunnels.

When i enable Reverse Route Injection under:

Tunneling and Security | IPSec | LAN-to-LAN | Add or Modify screen....

It automatically adds a static route REGARDLESS of whether the tunnel is up or not. This static route is then propagated via OSPF

It actually adds the Local and Remote Network List definitions for that particular Tunnel.

The only option i see is EZVPN wiht Network Extension Mode, however this means that the tunnel can only be established one way so im hesitant on doing this.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: