User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
Table B-15 IPSec Proposal Page (continued)

Element / Description

Enable Reverse Route
Supported on ASA devices, PIX 7.0 devices, and Cisco IOS routers except 7600 devices, and when the selected technology is IPSec.

Select this check box if you want to enable the RRI feature in the IPSec crypto map. Then click one of the following radio buttons:

- Reverse Route—To create a route in the routing table from the host address.
- Reverse Route Remote Peer (Cisco IOS routers only)—To create a route in the routing table for the remote tunnel endpoint. Then enter the IP address of the remote peer in the field provided.

When enabled in an IPSec crypto map, Reverse Route Injection (RRI) learns all the subnets from any network that is defined in the crypto access control list (ACL) as the destination network. The learned routes are installed into the local routing table as static routes that point to the encrypted interface. When the IPSec tunnel is removed, the associated static routes will be removed. These static routes may then be redistributed into other dynamic routing protocols, so that they can be advertised to other parts of the network (usually done by redistributing RRI routes into dynamic routing protocols on the core side).

Note: Security Manager automatically configures RRI on devices with High Availability (HA), or on the IPSec Aggregator when VRF-Aware IPSec is configured.

Save button
Saves your changes to the server but keeps them private.

Note: To publish your changes, click the Submit button on the toolbar.

Close button
Closes the Site-to-Site VPN window.

Help button
Opens help for this page.
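
An IOS router configuration of the kind the Enable Reverse Route description covers, as an added example that is not part of the original guide and is not output generated by Security Manager. It enables RRI in the crypto map and redistributes the resulting static routes into OSPF through a prefix-list filter, so only the expected remote subnet is advertised to the core. All names, addresses, the transform set and the OSPF process ID are constructed placeholders.

```ios
! Constructed example: every name, address and process ID is a placeholder.

! Crypto ACL: the destination network (192.168.10.0/24) is what RRI learns.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 192.168.10.0 0.0.0.255
!
crypto ipsec transform-set TS-AES esp-aes esp-sha-hmac
!
crypto map SITE-VPN 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES
 match address VPN-TRAFFIC
 ! "Reverse Route" option: install a static route for each destination
 ! network in the crypto ACL; the route is removed when the tunnel goes away.
 reverse-route
 ! "Reverse Route Remote Peer" option (Cisco IOS routers only) would
 ! instead be entered as:
 !   reverse-route remote-peer 203.0.113.2
!
interface GigabitEthernet0/0
 description Encrypted (outside) interface
 crypto map SITE-VPN
!
! Restrict redistribution to the prefixes this tunnel is expected to carry,
! so an unexpected RRI route is not advertised to the rest of the network.
ip prefix-list RRI-ALLOWED seq 5 permit 192.168.10.0/24
!
route-map RRI-TO-OSPF permit 10
 match ip address prefix-list RRI-ALLOWED
!
! Core side: redistribute the RRI static routes into the dynamic protocol.
router ospf 1
 redistribute static subnets route-map RRI-TO-OSPF
!
! Check after the tunnel is up:
!   show ip route static
!   show crypto map
```

The route-map has no second permit clause, so any static route outside `RRI-ALLOWED` is dropped from redistribution by the implicit deny.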