reverse-route dynamic
Use reverse-route dynamic to enable IPsec reverse route inject (RRI).
Use undo reverse-route dynamic to disable IPsec RRI.
Syntax
reverse-route dynamic
undo reverse-route dynamic
Default
IPsec RRI is disabled.
Views
IPsec policy view
IPsec policy template view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
IPsec RRI is usually used on a gateway device at the headquarters side in an IPsec VPN. After IPsec RRI is enabled for an IPsec policy or an IPsec policy template on a gateway device, the gateway device automatically creates a static route upon IPsec SA creation according to this IPsec policy or IPsec policy template. In the static route, the destination IP address is the protected peer private network, and the next hop is the IP address of the remote tunnel interface.
When you enable IPsec RRI for an IPsec policy, the device deletes all IPsec SAs that are created according to this IPsec policy. Upon IPsec SAs are renegotiated, the static routes are created.
When you disable IPsec RRI for an IPsec policy, the device deletes all IPsec SAs that are created according to this IPsec policy, and the associated static routes.
To display the static routes created by RRI, use the display ip routing-table command.
Examples
# Enable IPsec RRI to create a static route according to the IPsec SA negotiated by the specified IPsec policy. The destination IP address is the protected peer private network 3.0.0.0/24, and the next hop is the IP address (1.1.1.2) of the remote tunnel interface.
<Sysname> system-view [Sysname] ipsec policy 1 1 isakmp [Sysname-ipsec-policy-isakmp-1-1] reverse-route dynamic [Sysname-ipsec-policy-isakmp-1-1] quit
# Display the routing table. You can see a created static route. (Other information is not shown.)
[Sysname] display ip routing-table Destinations : 1 Routes : 1 Destination/Mask Proto Pre Cost NextHop Interface 3.0.0.0/24 Static 60 0 1.1.1.2 Vlan100
Related commands
display ip routing-table (Layer 3—IP Routing Command Reference)
ipsec policy
ipsec policy-template