03-18-2011 10:59 AM - edited 03-04-2019 11:48 AM
I have ROUTERA at one site and ROUTERB at another site. There is a permanent GRE over IPSEC tunnel via the Internet between the two. I was wondering how I could leverage Reverse Route Injection so that ROUTERB learns about the subnet behind ROUTERA and advertises that new subnet to its directly attached EIGRP neighbor (ROUTERC). My hope is that I won't need to configure anything at the site where ROUTERB and ROUTERC are located. The hope is that ROUTERB learns about that subnet and is able to redistribute it or advertise to ROUTERC. I could always configure the routes manually but I'm wondering if RRI would save me from having to configure anything at the ROUTERB and ROUTERC ends, thus providing me with a clean setup.
Any help would be appreciated
Thanks
03-19-2011 06:40 PM
Hi,
RRI is a feature designed for an IPSec tunnel end point to install routes for the IPSec protected networks. In the case of GRE over IPSec, RRI can only install routes for the GRE end point, and not traffic traversing through the GRE tunnel. In other words, IPSec only knows GRE traffic is encrypted, but it'd have no visibility into what traffic is encapsulated inside of GRE, hence RRI will not meet your requirements here. To do what you are trying to accomplish, you can simply run the same routing protocol over the GRE tunnel, i.e., EIGRP between router A and B over the GRE tunnel.
Thanks,
Wen
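The setup described in the answer above, sketched as ROUTERA's IOS configuration (an added example, not part of the original posts). All addresses, names, the interface and the EIGRP AS number are constructed placeholders, and the ISAKMP policy and key are assumed to be configured already.

```cisco
! Constructed example for ROUTERA; ROUTERB mirrors it with addresses swapped.
!
! Crypto ACL: the only traffic IPsec is asked to protect is GRE between the
! two tunnel endpoints. These proxy identities are all RRI can see.
ip access-list extended GRE-A-TO-B
 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address GRE-A-TO-B
 ! Adding reverse-route here would only yield a route for the remote GRE
 ! endpoint (198.51.100.1), never for the subnets carried inside the tunnel.
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
interface GigabitEthernet0/0
 description Internet-facing interface (placeholder name)
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
! Routing protocol over the tunnel: the adjacency forms across Tunnel0, so
! ROUTERB learns 10.10.10.0/24 (the LAN behind ROUTERA) dynamically.
! The Internet-facing network is deliberately not advertised, so the tunnel
! destination is never learned through the tunnel itself.
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 10.10.10.0 0.0.0.255
 no auto-summary
```

On ROUTERB, `show ip route eigrp` should then list the LAN prefix with Tunnel0 as the outgoing interface, and `show crypto ipsec sa` should show only the GRE endpoint pair as local and remote identities.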
03-19-2011 06:48 PM
Excellent, that confirms my suspicions. Thank you. Just like I thought, I can just advertise the network from Router A via BGP to Router B. We run BGP between routers at each end of the GRE/IPSEC tunnel.
Thanks