[c-nsp] Changing the default EIGRP admin distance

Ramcharan, Vijay A vijay.ramcharan at verizonbusiness.com
Wed Jan 26 14:28:22 EST 2011 

If I remember correctly, reverse route injection puts a static route
into a device.  

In order to get the static routes into EIGRP I presume that you are
redistributing static. If you already have a route-map in use on the
redistribute statement under EIGRP then you should be able to tweak the
metrics there so that the less favorable peer advertises less favorable
reverse-route metrics. 

If you don't already have a route-map then it should be relatively easy
to add one without breaking anything. 

There is also a "set reverse route distance <number>" command available
under the crypto map configuration. The output below is from a 7206
running 15.1.(1)XB

7206-2(config)#crypto map mymap 10 ipsec-isak 
7206-2(config-crypto-map)#revers ?
  remote-peer  Create route in route table for remote tunnel endpoint
  static       Create routes based on static ACLs permanently
  <cr>

7206-2(config-crypto-map)#set rever ?
  distance  Distance metric for this static route
  tag       Create route and tag it

7206-2(config-crypto-map)#

Vijay Ramcharan 
 

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Christopher J. Wargaski
> Sent: Wednesday, January 26, 2011 1:09 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Changing the default EIGRP admin distance
> 
> Hello--
> 
>    We are implementing IPsec LAN to LAN tunnels with routers. There
are two
> main hubs (Chicago and Rosemont) and many remote offices; Chicago is
the
> default hub and Rosemont is the secondary. If the Chicago hub router
dies or
> the Chicago Internet circuit fails, the VPN tunnel will come up on the
> Rosemont hub router.
> 
> Remote office (This IP is 1.2.3.4):
> crypto map L2L-map 1 ipsec-isakmp
>  description LAN to LAN tunnel for Chicgao & Rosemont (backup)
>  set peer 3.4.5.6 default
>  set peer 6.7.8.9
>  match address Chicago-VPN
>  ...
> 
>    On the Chicago and Rosemont routers, I am using reverse route
injection
> on the crypto map to insert the remote network's route into EIGRP when
the
> tunnel comes up as such:
> 
> Default hub peer (This IP is 3.4.5.6):
> crypto map L2L-map 1 ipsec-isakmp
>  description Test remote office
>  set peer 1.2.3.4
>  match address CJW-VPN
>  reverse-route
>  ...
> 
>    To avoid problems, I would like the route injected by the Rosemont
router
> to have a higher administrative distance than the route injected by
the
> Chicago router. On the 15.1(2)T2 IOS version, there is not an option
to set
> the administrative distance on the reverse route injection. Must I set
the
> administrative distance for the entire EIGRP AS, or is there a better
way to
> make these backup routes have a higher cost than that on the primary
router?
> 
> 
> 
> cjw
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list