RE: ASA reverse route

I changed my tunnel from static to dynamic, and it works.

crypto dynamic-map DYNAMIC_VPN 5 match address ACPU
crypto dynamic-map DYNAMIC_VPN 5 set transform-set 3DES_SHA
crypto dynamic-map DYNAMIC_VPN 5 set security-association lifetime seconds 28800
crypto dynamic-map DYNAMIC_VPN 5 set security-association lifetime kilobytes 4608000
crypto dynamic-map DYNAMIC_VPN 5 set reverse-route

crypto map outside_map 65535 ipsec-isakmp dynamic DYNAMIC_VPN
crypto map outside_map interface outside

-----Original Message-----
From: Tyson Scott [mailto:tscott_at_ipexpert.com]
Sent: Tuesday, December 14, 2010 2:24 PM
To: Marcin Zgola; ccielab_at_groupstudy.com
Subject: RE: ASA reverse route

behavior.

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Marcin Zgola
Sent: Tuesday, December 14, 2010 3:02 PM
To: ccielab_at_groupstudy.com
Subject: ASA reverse route

I am having an issue with ASA reverse route injection on L2L runnel.

When my tunnel is down and I have this command:
crypto map OUTSIDE_MAP 10 set reverse-route

it shows my route in routing table
S 10.16.1.0 255.255.255.0 [1/0] via 1.1.1.2, outside

I only need this route when tunnel is up. Is it a bug or asa behavior?

thanks

Marcin Zgola
Internetwork Lead
CCIE #18676
Netrix, LLC
http://www.netrixllc.com
Ph. 847-964-5300
Fax.: 847-964-5350

Blogs and organic groups at http://www.ccie.net
Received on Tue Dec 14 2010 - 20:33:15 ART