[nsp] VPN Reverse Route Injection on Private Interface

Chris Johns chrisjohns_cisco at hotmail.com
Thu Oct 9 02:28:20 EDT 2003


Hello,

I have a cisco 3030 VPN setup with public and private interfaces, I have 
enabled (reverse route injection) RRI and this works fine when a user 
connects to the outside interface, their VPN assigned IP address is added to 
the VPN's routing table and is also advertised as a host route to the 
routers on the inside interface. However when I connect to the inside 
interface from a network that is part of the "network lists" the route is 
added to the VPN's routing table however the host route (VPN assigned IP 
address) is not advertised to the routers on the inside interface.

Is this possible? Should this be possible? The user can't connect to the 
outside interface because the return packets don't go through the VPN's 
outside interface (because the VPN has a route for network on its inside 
interface) and therefore can't setup an IPSEC session.

The host is using the cisco VPN client REL4.0.1
The VPN is using vpn3000-4.0.1.E-k9.bin version of code

Could someone tell me if this is possible? If so could you provide a link on 
the CCO or elsewhere.

thanks
Chris

_________________________________________________________________
High-speed Internet access as low as $29.95/month (depending on the local 
service providers in your area). Click here.   https://broadband.msn.com



More information about the cisco-nsp mailing list