Configuring reverse route injection on the firewall

Configuring IPSec reverse route injection (RRI) on the USG
1. Configuring IPSec reverse route injection
Run the reverse-route enable [ nexthop nexthop-address | preference preference ] command in the IPSec policy template view.
2. Note:
If the headquarters needs to establish tunnels with multiple branches, you can configure the RRI function on the headquarters gateway to automatically add the routing information of the branches to the headquarters gateway. The function is similar to configuring a static route to each branch with the next hop being the IP address of the tunnel interface connected to the branch. In tunneling link backup, this configuration is equivalent to specifying the outgoing interface as the tunnel interface.
Static routes are required to direct the traffic to the IPSec tunnels between the headquarters and branches. RRI saves the efforts in manual configuration and maintenance of static routes.
3. Configuration examples
system-view //Access the system view.
[sysname] ipsec policy-template abc 1 //Access the IPSec policy template view.
[sysname-ipsec-policy-template-abc-1] reverse-route enable //Enable the RRI function.

Scroll to top