How to obtain the route of the branch private network when the AR is configured with IPSec and the headquarters provides egress of multiple egresses

When the headquarters connects to multiple branches, consider route selection. You need to obtain the private network routes of branches. Static routes can be configured. However, the static route configuration is complex when there are many branches. When a branch is added each time, a static route needs to be added on the headquarters network, which is inconvenient for maintenance.
On the headquarters, you can run the route inject command to configure route injection, which can be static or dynamic.  
-  When static route injection is enabled, the route generated through the route injection function is added to the local device and the route status does not vary with the tunnel status change. 
-  When dynamic route injection is enabled, the route generated through the route injection function can be added to the local device if the IPSec tunnel is Up, and the route is deleted if the IPSec tunnel is Down.
Compared with static route injection, dynamic route injection associates the generated route with the IPSec tunnel status. When the IPSec tunnel is Down, the AR does not send traffic to the remote end through the IPSec tunnel, preventing traffic loss.

Set the priority of a route generated through dynamic route injection to 10.
<Huawei> system-view 
[Huawei] ipsec policy policy1 10 isakmp 
[Huawei-ipsec-policy-isakmp-policy1-10] route inject dynamic preference 10

 

Scroll to top