VPN Reverse Route Injection was introduced in AOS 15.1. Reverse Route Injection (RRI) allows an AOS router to add remote VPN networks to its route table when the VPN tunnel is up. By adding the route to its local route table, the router can then redistribute the route into a routing protocol, so that other routers can dynamically learn how to reach the remote network. This is useful when setting up redundant VPN gateways at a host site, which multiple remote sites will connect to.
! IKE Configuration, IPSec Transform Set, and VPN Selectors Omitted
crypto map VPN 10 ipsec-ike
match address VPN-10-vpn-selectors
set peer 18.104.22.168
set transform-set esp-3des-esp-md5-hmac
set security-association idle-time 60
! After 60 seconds of inactivity, the VPN tunnel will be torn down, and
! any associated routes that were injected into the route table will be removed.
reverse-route tag 10
! When the VPN tunnel is active, the remote private network(s) – as defined
! by the VPN selectors that were used to bring up the tunnel – will be added
! to the IP route table with a tag value of 10. The tag is useful for control of
! the redistribution process.