cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


333
Views
5
Helpful
1
Replies
Contributor

crypto map vpn_map1 2 set reverse-route command needed?

So on a 4100 Firepower, I see the command "crypto map vpn_map1 2 set reverse-route". I am not all sure it is needed. 
The IPSEC profile is for has all static IPs on both ends (for sources, destinations, etc.).
No IGP protocols are running the the FW.
Anyone know what else I should check in regards to why this command may be needed?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: crypto map vpn_map1 2 set reverse-route command needed?

Hi,
If you aren't using a routing protocol to redistribute those VPN routes then it probably isn't necessary - it's just creating static routes for each VPN network, but doing nothing with them. If you had a redundant configuration and using routing to failover it would be useful.

HTH
1 REPLY 1
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: crypto map vpn_map1 2 set reverse-route command needed?

Hi,
If you aren't using a routing protocol to redistribute those VPN routes then it probably isn't necessary - it's just creating static routes for each VPN network, but doing nothing with them. If you had a redundant configuration and using routing to failover it would be useful.

HTH