R3303-HP HSR6800 Routers Security Command Reference
305
# Configure dynamic IPsec RRI to create two static routes based on an IPsec SA: one to the peer private
network 3.0.0.0/24 through the remote tunnel endpoint 1.1.1.2, and the other to the remote tunnel
e n d p o i n t t h ro u g h 1.1.1. 3 .
[Sysname]ipsec policy 1 1 isakmp
[Sysname-ipsec-policy-isakmp-1-1] reverse-route remote-peer 1.1.1.3 gateway
# Display the routing table. The expected routes appear in the routing table after the IPsec SA negotiation
succeeds. (Other routes are not shown.)
[Sysname] display ip routing-table
...
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.2/32 Static 60 0 1.1.1.3 GE3/0/1
3.0.0.0/24 Static 60 0 1.1.1.2 GE3/0/1
Related commands
• reverse-route preference
• reverse-route tag
reverse-route preference
Use reverse-route preference to change the preference of the static routes created by IPsec RRI.
Use undo reverse-route preference to restore the default.
Syntax
reverse-route preference preference-value
undo reverse-route preference
Views
IPsec policy view
Default command level
2: System level
Parameters
preference-value: Sets a preference value for the static routes created by IPsec RRI. The value range is 1
to 255. A smaller value represents a higher preference.
Usage guidelines
The default preference for the static routes created by IPsec RRI is 60.
When you change the route preference, static IPsec RRI deletes all static routes it has created and creates
new static routes. In contrast, dynamic IPsec RRI applies the new preference only to subsequent static
routes. It does not delete or modify static routes it has created.
Examples
# Set the preference to 100 for static routes populated by IPsec RRI.
<Sysname>system-view
[Sysname] ipsec policy 1 1 isakmp
[Sysname-ipsec-policy-isakmp-1-1] reverse-route preference 100