01-10-2010 02:07 PM - edited 02-21-2020 04:26 PM
In a hub-and-spoke IPSec environment, it's not hard to set up routing from spoke to hub.
But on the hub end of a tunnel, where lives the gateway of last resort for traffic from the spoke, it seems almost counter-intuitive that the crypto ACL and peer statements don't implicitly create a route for traffic from the hub into the tunnel to the far end (spoke). It could always be overridden with a static if necessary.
There's probably a good reason for this, but I can't think of it. Or am I the only person who thinks it odd...or perhaps a feature opportunity?
Solved! Go to Solution.
01-11-2010 07:26 PM
Hi,
This feature exist and is called reverse-route injection. The route is dynamically created (based on the crypto ACL) and is available only when the SA is up.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html
HTH
Laurent.
01-11-2010 07:26 PM
Hi,
This feature exist and is called reverse-route injection. The route is dynamically created (based on the crypto ACL) and is available only when the SA is up.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html
HTH
Laurent.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide