How to configure RRI

Alain Desnoyers
Level 1

I have ROUTERA at one site and ROUTERB at another site. There is a permanent GRE over IPSEC tunnel via the Internet between the two. I was wondering how I could leverage Reverse Route Injection so that ROUTERB learns about the subnet behind ROUTERA and advertises that new subnet to its directly attached EIGRP neighbor (ROUTERC). My hope is that I won't need to configure anything at the site where ROUTERB and ROUTERC are located. The hope is that ROUTERB learns about that subnet and is able to redistribute it or advertise it to ROUTERC. I could always configure the routes manually, but I'm wondering if RRI would save me from having to configure anything at the ROUTERB and ROUTERC ends, thus providing me with a clean setup.

Any help would be appreciated

Thanks

Accepted Solution

wzhang
Cisco Employee

Hi,

RRI is a feature designed for an IPSec tunnel end point to install routes for the IPSec protected networks. In the case of GRE over IPSec, RRI can only install routes for the GRE end point, and not traffic traversing through the GRE tunnel. In other words, IPSec only knows GRE traffic is encrypted, but it'd have no visibility into what traffic is encapsulated inside of GRE, hence RRI will not meet your requirements here. To do what you are trying to accomplish, you can simply run the same routing protocol over the GRE tunnel, i.e., EIGRP between router A and B over the GRE tunnel.

Thanks,

Wen
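
An added configuration sketch for ROUTERA (not part of the original thread, and not Cisco's own example) illustrating the answer above: the crypto ACL matches only GRE between the two tunnel endpoints, so that is all IPSec and RRI can see, while the LAN prefix is carried by EIGRP over the tunnel. All addresses, the AS number, the key, the next hop and the names VPN, GRE-ONLY and TS are constructed placeholders, and ROUTERB is assumed to carry the mirror-image configuration.

```cisco
! ROUTERA - constructed example; every address, name and number is a placeholder
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-KEY address 198.51.100.2
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! The crypto ACL is the only traffic description IPSec (and therefore RRI) has:
! GRE packets between the two tunnel endpoints, nothing about inner subnets.
ip access-list extended GRE-ONLY
 permit gre host 192.0.2.1 host 198.51.100.2
!
! Adding "reverse-route" to this crypto map entry could only yield a route
! toward the remote GRE endpoint (198.51.100.2), never the LAN behind the peer.
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS
 match address GRE-ONLY
!
interface GigabitEthernet0/0
 description Internet-facing
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.2
!
interface GigabitEthernet0/1
 description LAN behind ROUTERA
 ip address 10.1.1.1 255.255.255.0
!
! Underlay reachability to the peer; kept out of EIGRP to avoid recursive routing.
ip route 0.0.0.0 0.0.0.0 192.0.2.254
!
! The routing protocol over the tunnel advertises the inner prefix instead of RRI.
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 10.1.1.0 0.0.0.255
 no auto-summary
```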

Excellent, that confirms my suspicions. Thank you. Just like I thought, I can just advertise the network from Router A via BGP to Router B. We run BGP between routers at each end of the GRE/IPSEC tunnel.

Thanks
