Showing results for 
Search instead for 
Did you mean: 

Route not added for site-to-site tunnel


We have approximately 50 site-to-site tunnels to an ASA 5545X running 9.12(4)35. The one we had the problem with has the "set reverse-route"


crypto map OUTSIDE_map 15 match address OUTSIDE_cryptomap_18
crypto map OUTSIDE_map 15 set peer
crypto map OUTSIDE_map 15 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_map 15 set reverse-route


Today out of the blue one of the locations no longer had the route set, nor would it set after clearing either end of the tunnel. The site uses, and it had a "V" route previously, but the site is up after creating a static route:


V connected by VPN (advertised), OUTSIDE
S [1/0] via, OUTSIDE
V connected by VPN (advertised), OUTSIDE


I'd like to figure out the problem, as this happened 2 or 3 times last year with other sites. Is there a debug or some troubleshooting technique I could try? Thanks

3 Replies 3

Rob Ingram
VIP Master VIP Master
VIP Master

@ABaker94985 I assume you are redistributing the routes using EIGRP or OSPF, can you provide the output of your routing configuration including prefix-list and route-maps.

@Rob Ingram We actually are not using a dynamic routing protocol, although we'll soon be implementing it for the VPNs. This has been setup with static routes since the beginning of time , but it's become unwieldy. This problem is easy to spot because we see a routing loop between the Nexus switches and firewall. The route to on the firewall that points to the switch is the only path to when the route drops from the firewall.

Flavio Miranda
VIP Mentor VIP Mentor
VIP Mentor


Take a look on this Bug:



V route is missing even after setting the reverse route in Crypto map config in HA-IKEv2

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers