Cisco Support Community
New Member

Why no implicit route for L2L IPSec tunnel traffic?

In a hub-and-spoke IPSec environment, it's not hard to set up routing from spoke to hub.

But on the hub end of a tunnel, where lives the gateway of last resort for traffic from the spoke, it seems almost counter-intuitive that the crypto ACL and peer statements don't implicitly create a route for traffic from the hub into the tunnel to the far end (spoke).  It could always be overridden with a static if necessary.

There's probably a good reason for this, but I can't think of it.  Or am I the only person who thinks it odd...or perhaps a feature opportunity?

Accepted Solutions
Cisco Employee

Re: Why no implicit route for L2L IPSec tunnel traffic?

Hi,

This feature exists and is called reverse-route injection. The route is dynamically created (based on the crypto ACL) and is available only when the SA is up.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html

HTH

Laurent.
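
A hub-side configuration sketch of the feature named in the answer above, added here as an example and not taken from the original posts or the linked guide. The map name, ACL number, transform-set name, interface and all addresses are assumptions (documentation-range addresses), and the ISAKMP policy and key are assumed to be configured already.

```cisco
! Added example: hub router, one spoke. All names and addresses are constructed.
! Crypto ACL: hub LAN 10.0.0.0/16 -> spoke LAN 10.1.1.0/24.
! With reverse-route enabled, the destination side of this ACL
! (10.1.1.0/24) is what gets installed as a route.
access-list 101 permit ip 10.0.0.0 0.0.255.255 10.1.1.0 0.0.0.255
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
crypto map HUBMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES
 match address 101
 ! Enable reverse-route injection for this map entry.
 reverse-route
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map HUBMAP
!
! Verification once the spoke has brought the tunnel up:
!   show crypto ipsec sa       (confirm the SA for 10.1.1.0/24 exists)
!   show ip route static       (expect 10.1.1.0/24 via 203.0.113.2)
! The injected route appears as a static route, so it can be advertised
! to the rest of the hub site with "redistribute static" under the IGP,
! ideally filtered by a route-map so only tunnel prefixes are advertised.
```

Because the injected prefix comes straight from the crypto ACL, keep that ACL as narrow as the spoke's real address space; an overly broad entry becomes an overly broad route on the hub.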
