01-25-2005 11:27 AM - edited 02-21-2020 01:34 PM
Does anyone know if it's possible to limit what routes get injected by RRI? I want to prevent customers from injecting routes that are the same as the internal network where my authentication and log servers live.
Right now, a network that is behind a remote 3002 vpn end point gets injected into my vpn router routing table. If they changed their private interface of the 3002 to something on my network, it gets added to my vpn router as a static route. The RRI route takes precedence over static routes that I add on my vpn router.
Has anyone encountered this?
Thanks
01-26-2005 12:10 PM
If the vpn router is running IOS, you can use distribute-lists within the routing protocol configuration to limit what you receive into the route table as well as what you advertise out. In your case you are only interested in using the "distribute-list in" command. Note with OSPF the routes will still appear in the OSPF database, but they will not appear in the routing table.
What type of device is the vpn router? What is the metric of the static routes that are being overridden by RRI?
Let me know if this helps.
01-27-2005 02:41 PM
I am using a 7206 with vpn service module. The metric of the static route that gets overridden is 1. The RRI by the 3002 client is happening before any route distribution so I don't think the distribution list will help. Basically, I will lose connectivity to my internal server because the vpn sends the traffic back out the tunnel to the 3002 peer.
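Added example, not part of any post in this thread: a small audit script that flags injected routes overlapping protected internal prefixes, so the condition described above can at least be detected and alerted on. The protected prefixes, the simplified `prefix via next-hop` input format and all addresses are assumptions constructed for illustration, not output from any device.

```python
import ipaddress
import re

# Assumed placeholders for the networks holding the auth and log servers.
PROTECTED = ["10.10.0.0/24", "10.10.1.0/24"]

# Constructed sample input: one injected route per line, "prefix via next-hop".
SAMPLE_ROUTES = """\
192.168.50.0/24 via 203.0.113.10
10.10.0.0/25 via 203.0.113.22
10.0.0.0/8 via 203.0.113.31
172.16.4.0/24 via 203.0.113.10
"""

LINE_RE = re.compile(r"^\s*(\S+)\s+via\s+(\S+)\s*$")


def find_conflicts(route_text, protected=PROTECTED):
    """Return (route, next_hop, protected_prefix, kind) for every overlap."""
    nets = [ipaddress.ip_network(p) for p in protected]
    hits = []
    for line in route_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore blank or unrecognised lines
        try:
            route = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            continue  # not a valid prefix
        for net in nets:
            if route.version != net.version or not route.overlaps(net):
                continue
            if route == net:
                kind = "exact"          # same prefix as the internal network
            elif route.subnet_of(net):
                kind = "more-specific"  # wins on longest-prefix match
            else:
                kind = "covering"       # broader route that contains it
            hits.append((str(route), m.group(2), str(net), kind))
    return hits


if __name__ == "__main__":
    for route, hop, net, kind in find_conflicts(SAMPLE_ROUTES):
        print(f"ALERT {kind}: {route} via {hop} overlaps protected {net}")
```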