cisco ios 12.4 ipsec / reverse route injection

Discussion in 'Cisco' started by Graham Turner, Mar 12, 2008.

  1. This is a question re maintenance of the static routes that are dynamically
    inserted when we have the "REVERSE ROUTE" configuration in the dynamic
    crypto map.

    IOS version - c1700-advsecurityk9-mz-124-17a.bin

    VPN clients - Cisco vpn clients v4.6

    The expected behaviour is that the static route to the IP address that is
    'leased' by the vpn client by way of "ip local pool" configuration via the
    (public) IP address of the vpn client would be removed when the IPSEC SA is
    torn down or timed out by the IOS vpn server.

    The observed behaviour is that instead of any of these routes being removed,
    another route to the leased IP address is added via the public address of
    the next VPN client that leases that IP address, such that a sample of the
    output from 'show ip route' gives us:

    192.168.2.10 [1/0] via 86.145.45.34
    via 86.140.228.10
    .......

    192.168.2.8 [1/0] via 87.56.23.34
    via 78.56.42.34
    via 89.34.62.23
    ....

    Etc. for all the IP addresses in the local pool.

    This is even though the destination IP addr is freed from the IP pool, and
    the IPsec SA should no longer be valid.

    What may be relevant is that while "show crypto ipsec sa" does not list any
    indication of the SA to what are not valid ipsec peers, the "show crypto
    ipsec sa address" seems to retain some memory of the public IPs of the
    peers.

    It is these that are inserted into the routing table, persistently, even if I
    "clear ip route A.B.C.D"

    Help in this will be gladly received.
    Graham Turner, Mar 12, 2008
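
An added example, not part of the original post: a small audit script that reads 'show ip route' text in the shape quoted above and lists, per pool address, the next hops that do not belong to a currently connected peer. The pool range, the active-peer set and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed pool range; the post does not state the "ip local pool" bounds.
POOL = ipaddress.ip_network("192.168.2.0/24")

# The 192.168.2.x entries are the ones quoted in the post;
# the 10.0.0.1 line is constructed to show that non-pool routes are ignored.
SAMPLE = """\
192.168.2.10 [1/0] via 86.145.45.34
via 86.140.228.10
.......
192.168.2.8 [1/0] via 87.56.23.34
via 78.56.42.34
via 89.34.62.23
10.0.0.1 [1/0] via 10.1.1.1
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Destination line, with or without the leading "S" code and a /mask.
DEST_RE = re.compile(r"^\s*(?:S\*?\s+)?" + IP + r"(?:/\d+)?\s+\[\d+/\d+\]\s+via\s+" + IP)
# Continuation line: a further next hop for the previous destination.
CONT_RE = re.compile(r"^\s*(?:\[\d+/\d+\]\s+)?via\s+" + IP)

def parse_routes(text):
    """Return {destination: [next hops]} in the order they appear."""
    routes, current = {}, None
    for line in text.splitlines():
        m = DEST_RE.match(line)
        if m:
            current = m.group(1)
            routes.setdefault(current, []).append(m.group(2))
        elif current and (m := CONT_RE.match(line)):
            routes[current].append(m.group(1))
    return routes

def stale_next_hops(routes, active_peers, pool=POOL):
    """Pool addresses whose routes point at peers that are not connected."""
    report = {}
    for dest, hops in routes.items():
        if ipaddress.ip_address(dest) not in pool:
            continue
        stale = [h for h in hops if h not in active_peers]
        if stale:
            report[dest] = stale
    return report

if __name__ == "__main__":
    # Constructed set of peers assumed to be connected right now.
    active = {"86.140.228.10", "89.34.62.23"}
    for dest, hops in stale_next_hops(parse_routes(SAMPLE), active).items():
        print(dest, "-> stale next hops:", ", ".join(hops))
```

The active-peer set has to come from the router's current session state; it is supplied by hand here.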