Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
0
Helpful
0
Replies

RRI Enhancements?

dy2
Level 1
Level 1

‎07-07-2019 08:36 AM

In Release Notes for the Cisco ASA Series, 9.7(x), there is a mention below:

Dynamic RRI for IKEv2 static crypto maps

Dynamic Reverse Route Injection occurs upon the successful establishment of IPsec Security Associations (SA's) when dynamic is specified for a crypto map . Routes are added based on the negotiated selector information. The routes will be deleted after the IPsec SA's are deleted. Dynamic RRI is supported on IKEv2 based static crypto maps only. We modified the following command: crypto map set reverse-route.

 

The issue with RRI has always been the injection of routes whether or not the tunnel is up. With the above new release, does this mean RRI has became dynamic. Only inject when the tunnel is up? Has anyone tested this?

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card