Policy based VPN routing issue

I have a policy based VPN using IKE version 1 with a customer. I use a crypto map along with an ACL and reverse route injection as shown below. I delete "crypto map entry VPN 123" (no crypto map VPN 123) but the static route remains for network 2.2.2.2 in my route table. Is this a bug?

Router#

crypto map VPN 123 ipsec-isakmp
 description to CustomerA
 set peer 1.2.3.4
 set transform-set IPSECAESSHA
 set pfs group5
 match address CustomerA_encryption_domain
 reverse-route static

ip access-list extended CustomerA_encryption_domain
 permit ip host 1.1.1.1 host 2.2.2.2

My code:

Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.5(3)S10, RELEASE SOFTWARE (fc3)

1 Reply

@hocus-pokus-alakazoo if RRI configuration is removed, or the peer, or the access list is removed from the crypto map, or the crypto map sequence itself is removed, the routes should be deleted.

That's a very old firmware version, perhaps a bug. Consider contacting TAC... and upgrading the firmware.
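
The check described in this thread, as an added example that is not part of the original posts or any Cisco tooling: a Python audit that flags installed static routes which neither an `ip route` statement nor a crypto map entry with `reverse-route` explains. It assumes a running-config held as text, well-formed crypto ACL lines without port operators, global-table routes only, and a list of static prefixes the operator has already extracted from the routing table; the function names, the `10.9.9.0/24` manual route and its next hop are hypothetical.

```python
import ipaddress

def acl_destination(tok):
    """Destination network of a crypto ACL permit line (no port operators assumed)."""
    if tok[-1] == "any":
        return None
    if tok[-2] == "host":
        return ipaddress.ip_network(tok[-1] + "/32")
    return ipaddress.ip_network(f"{tok[-2]}/{tok[-1]}")  # address + wildcard mask

def orphaned_static_routes(config, installed):
    """Installed static prefixes that no 'ip route' line or RRI crypto map entry explains."""
    entries, acls, owned, cur = [], {}, set(), None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["crypto", "map"] and len(tok) > 3 and tok[3].isdigit():
            cur = {"acl": None, "rri": False}      # new crypto map sequence
            entries.append(cur)
        elif tok[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(tok[3], [])      # new named ACL
        elif tok[:2] == ["ip", "route"]:           # manually configured static route
            owned.add(ipaddress.ip_network(f"{tok[2]}/{tok[3]}"))
            cur = None
        elif isinstance(cur, dict) and tok[:2] == ["match", "address"]:
            cur["acl"] = tok[2]
        elif isinstance(cur, dict) and tok[:1] == ["reverse-route"]:
            cur["rri"] = True
        elif isinstance(cur, list) and tok[:1] == ["permit"]:
            dst = acl_destination(tok)
            if dst is not None:
                cur.append(dst)
    for entry in entries:                          # routes that RRI is expected to own
        if entry["rri"]:
            owned.update(acls.get(entry["acl"], []))
    return [str(n) for n in sorted(map(ipaddress.ip_network, installed)) if n not in owned]

# Constructed sample: the thread's crypto map and ACL plus a hypothetical manual route.
ACL = "ip access-list extended CustomerA_encryption_domain\npermit ip host 1.1.1.1 host 2.2.2.2\n"
MANUAL = "ip route 10.9.9.0 255.255.255.0 192.0.2.1\n"
CRYPTO = ("crypto map VPN 123 ipsec-isakmp\nset peer 1.2.3.4\n"
          "match address CustomerA_encryption_domain\nreverse-route static\n")
INSTALLED = ["2.2.2.2/32", "10.9.9.0/24"]  # static prefixes seen in the routing table

if __name__ == "__main__":
    print("map present:", orphaned_static_routes(CRYPTO + ACL + MANUAL, INSTALLED))
    print("map removed:", orphaned_static_routes(ACL + MANUAL, INSTALLED))
```

A prefix reported after the crypto map sequence is removed is a route that keeps steering traffic toward a peer with no matching policy, which is the condition the question describes.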