
Reverse Route Insertion

Static routes are automatically inserted into the route table for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities.

Each route is created based on the remote proxy network and mask sent by the peer and is inserted in the relevant route table after successful phase 1 and phase 2 negotiations.

The route preference for each static reverse route is 1. This value is necessary to avoid conflict with similar routes that might be added by the routing protocol process (rpd).

No routes are added if the accepted remote proxy address is the default (0.0.0.0/0). In this case, you can run routing protocols over the IPSec tunnel to learn routes and add static routes for the traffic you want to protect over this tunnel.

For next-hop style service sets, the reverse routes include next hops pointing to the locations specified by the inside-service-interface statement.

The route table in which to insert these routes depends on where the inside-service-interface location is listed. If these interfaces are present in a VPN routing and forwarding (VRF) instance, then routes are added to the corresponding VRF table; otherwise, the routes are added to inet.0.

Note: Reverse route insertion takes place only for tunnels to dynamic peers. These routes are added only for next-hop style service sets.
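The rules above can be modelled to predict which reverse routes a set of negotiated tunnels should produce, for comparison against the routes actually present on the router. This is an added example, not Juniper code; the class and function names, the interface names, and the instance name `vpn-a` are constructed, and the `<instance>.inet.0` form is the usual Junos name for a VRF's IPv4 table.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass(frozen=True)
class NegotiatedTunnel:             # hypothetical record of one negotiated tunnel
    remote_proxy_network: str       # network sent by the peer
    remote_proxy_mask: str          # mask sent by the peer (dotted or prefix length)
    dynamic_peer: bool              # tunnel terminates a dynamic peer
    next_hop_style: bool            # service set is next-hop style
    inside_service_interface: str   # location named by inside-service-interface
    phase1_ok: bool = True
    phase2_ok: bool = True

@dataclass(frozen=True)
class ReverseRoute:
    table: str
    prefix: str
    next_hop: str
    preference: int = 1             # fixed preference of every static reverse route

def reverse_route(t: NegotiatedTunnel,
                  vrf_of_interface: Dict[str, str]) -> Optional[ReverseRoute]:
    """Return the reverse route this tunnel should produce, or None."""
    # Routes are inserted only after both negotiation phases succeed.
    if not (t.phase1_ok and t.phase2_ok):
        return None
    # Only tunnels to dynamic peers on next-hop style service sets qualify.
    if not (t.dynamic_peer and t.next_hop_style):
        return None
    # Build the prefix from the peer's network and mask, clearing host bits.
    net = ipaddress.ip_network(
        f"{t.remote_proxy_network}/{t.remote_proxy_mask}", strict=False)
    # The default proxy identity (0.0.0.0/0) never yields a route.
    if net.prefixlen == 0:
        return None
    # The table follows the inside interface: its VRF if it has one, else inet.0.
    vrf = vrf_of_interface.get(t.inside_service_interface)
    table = f"{vrf}.inet.0" if vrf else "inet.0"
    return ReverseRoute(table, str(net), t.inside_service_interface)

# Constructed sample: one inside interface placed in a VRF, one left outside any VRF.
SAMPLE_VRFS = {"sp-1/0/0.1": "vpn-a"}
```

A route found in the table with preference 1 that this model does not predict, or a predicted route that is missing, is worth checking against the tunnel's negotiated proxy identity.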

