VPN Reverse Route Injection (RRI)

Version 2

    VPN Reverse Route Injection was introduced in AOS 15.1. Reverse Route Injection (RRI) allows an AOS router to add remote VPN networks to its route table while the VPN tunnel is up. Once the route is in its local route table, the router can redistribute it into a routing protocol, so that other routers dynamically learn how to reach the remote network. This is useful when setting up redundant VPN gateways at a host site to which multiple remote sites will connect.

    Example Configuration:

    ! IKE Configuration, IPSec Transform Set, and VPN Selectors Omitted
    !
    crypto map VPN 10 ipsec-ike
      match address VPN-10-vpn-selectors
      set peer 1.1.1.1
      set transform-set esp-3des-esp-md5-hmac
      set security-association idle-time 60
    ! After 60 seconds of inactivity, the VPN tunnel will be torn down, and
    ! any associated routes that were injected into the route table will be removed.
      reverse-route tag 10
    ! When the VPN tunnel is active, the remote private network(s) – as defined
    ! by the VPN selectors that were used to bring up the tunnel – will be added
    ! to the IP route table with a tag value of 10.  The tag is useful for control of
    ! the redistribution process.
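
The route lifecycle described above, as an added Python model (not AOS code and not part of the original article): two redundant gateways inject a tagged route while a tunnel is up, withdraw it at the idle timeout, and export only tagged routes. The gateway names, 10.10.10.0/24, 203.0.113.1 and the export-by-tag policy are assumptions made for the example.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str                 # tunnel peer the route points at
    tag: int = 0                  # 0 = untagged (convention of this example)

@dataclass
class Gateway:
    name: str
    rri_tag: int                  # "reverse-route tag 10"
    idle_time: int                # "set security-association idle-time 60"
    routes: set = field(default_factory=set)
    tunnels: dict = field(default_factory=dict)  # peer -> idle seconds

    def tunnel_up(self, peer, remote_nets):
        """Tunnel is up: inject one tagged route per remote selector network."""
        self.tunnels[peer] = 0
        self.routes |= {Route(n, peer, self.rri_tag) for n in remote_nets}

    def tick(self, seconds):
        """Advance idle timers; tear down idle tunnels and withdraw their routes."""
        for peer in list(self.tunnels):
            self.tunnels[peer] += seconds
            if self.tunnels[peer] >= self.idle_time:
                del self.tunnels[peer]
                self.routes = {r for r in self.routes if r.next_hop != peer}

    def redistribute(self):
        """Assumed tag-based filter: export only routes carrying the RRI tag."""
        return {r.prefix for r in self.routes if r.tag == self.rri_tag}

def core_view(gateways):
    """Routes an internal router learns: prefix -> advertising gateways."""
    view = {}
    for gw in gateways:
        for prefix in sorted(gw.redistribute()):
            view.setdefault(prefix, []).append(gw.name)
    return view

def demo():
    a, b = Gateway("GW-A", 10, 60), Gateway("GW-B", 10, 60)
    a.routes.add(Route("0.0.0.0/0", "203.0.113.1"))  # untagged static: not exported
    a.tunnel_up("1.1.1.1", ["10.10.10.0/24"])        # remote site connects to GW-A
    up = core_view([a, b])
    a.tick(60)                                        # 60 s idle: tunnel torn down
    down = core_view([a, b])
    b.tunnel_up("1.1.1.1", ["10.10.10.0/24"])        # site reconnects via GW-B
    return up, down, core_view([a, b])
```

Calling demo() returns the internal router's view at three points: tunnel up on GW-A, after the idle timeout, and after the site reconnects through GW-B.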