cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


171
Views
0
Helpful
0
Replies
Highlighted
dy2 Beginner
Beginner

RRI Enhancements?

In Release Notes for the Cisco ASA Series, 9.7(x), there is a mention below:

Dynamic RRI for IKEv2 static crypto maps

Dynamic Reverse Route Injection occurs upon the successful establishment of IPsec Security Associations (SA's) when dynamic is specified for a crypto map . Routes are added based on the negotiated selector information. The routes will be deleted after the IPsec SA's are deleted. Dynamic RRI is supported on IKEv2 based static crypto maps only. We modified the following command: crypto map set reverse-route.

 

The issue with RRI has always been the injection of routes whether or not the tunnel is up. With the above new release, does this mean RRI has became dynamic. Only inject when the tunnel is up? Has anyone tested this?

Everyone's tags (5)