3D Innovations 3.0.1 appendix Element Description

Site to Site VPN Policies

Table B-15

IPSec Proposal Page (continued)

Element

Description

Enable Reverse Route

Supported on ASA devices, PIX 7.0 devices, and Cisco IOS routers

except 7600 devices, and when the selected technology is IPSec.

Select this check box if you want to enable the RRI feature in the

IPSec crypto map. Then click one of the following radio buttons:

• Reverse Route—To create a route in the routing table from the

host address.

• Reverse Route Remote Peer (Cisco IOS routers only)—To

create a route in the routing table for the remote tunnel

endpoint. Then enter the IP address of the remote peer in the

field provided.

When enabled in an IPSec crypto map, Reverse Route Injection

(RRI) learns all the subnets from any network that is defined in the

crypto access control list (ACL) as the destination network. The

learned routes are installed into the local routing table as static

routes that point to the encrypted interface. When the IPSec tunnel

is removed, the associated static routes will be removed. These

static routes may then be redistributed into other dynamic routing

protocols, so that they can be advertised to other parts of the

network (usually done by redistributing RRI routes into dynamic

routing protocols on the core side).

Note Security Manager automatically configures RRI on devices

with High Availability (HA), or on the IPSec Aggregator

when VRF-Aware IPSec is configured.

Save button

Saves your changes to the server but keeps them private.

Note To publish your changes, click the Submit button on the

toolbar.

Close button

Closes the Site-to-Site VPN window.

Help button

Opens help for this page.

User Guide for Cisco Security Manager 3.0.1

OL-8214-02

B-43