I'm trying to set up a GRE tunnel to share EIGRP routes across a Linux firewall. I found a document on using IPsec with GRE across a firewall to distribute EIGRP:
I'm trying to share routes between our WAN core and our LAN core across the Linux firewall that sits between them. The WAN is a 10.64.32.x interface on the firewall and the LAN is a 192.168.10.x on the firewall, so I'm pretty sure I'm forced to build the GRE tunnel. Does the encryption have to be configured like the document says? I'm assuming so.
Also, we actually have two LAN cores running HSRP. Would I just build individual GRE tunnels from the WAN core to both LAN cores and let EIGRP handle failover, or would that be a bad idea?
Thanks for posting the current details. It helped me recognize that I had not read carefully when I responded about the access list. You misunderstood what route to filter and I did not catch it. You do not want to deny the subnet of the tunnel itself (192.168.16.0) but want to deny the tunnel destination address. So on router 1 you would want this:
access-list 80 deny 192.168.10.0 0.0.0.255
and on router 2 you would want this:
access-list 80 deny 10.64.32.0 0.0.1.255
That is a bit of an odd mask (especially for an interface whose comment says WAN) but it matches what you have in the config.
The access list still needs the permit any, and the distribute-list still needs to be in on tunnel0.
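
Added example, not part of the original thread: a small Python model of how a standard ACL applied as an inbound distribute-list is evaluated against each route's network address, using the router 2 list from the reply above. The candidate routes and the function names are constructed for illustration; the model shows which addresses the 0.0.1.255 wildcard covers and what the list does when the permit any line is left out.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N permit|deny <addr> <wildcard>' or '... any'."""
    entries = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[3:]
        if rest == ["any"]:
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def acl_action(entries, route):
    """First match wins; a standard ACL sees only the route's network address."""
    net = int(ipaddress.ip_network(route).network_address)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if net & care == addr & care:
            return action
    return "deny"  # implicit deny that ends every access list

def filter_routes(entries, routes):
    """Routes that an inbound distribute-list using this ACL would accept."""
    return [r for r in routes if acl_action(entries, r) == "permit"]

def wildcard_range(addr, wild):
    """First and last address covered by a contiguous wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wild))
    return (str(ipaddress.IPv4Address(a & ~w & 0xFFFFFFFF)),
            str(ipaddress.IPv4Address(a | w)))

# Router 2 list from the reply, with the permit any it says is still needed.
ROUTER2_ACL = parse_acl(["access-list 80 deny 10.64.32.0 0.0.1.255",
                         "access-list 80 permit any"])
# Same list with the permit any forgotten.
ROUTER2_NO_PERMIT = parse_acl(["access-list 80 deny 10.64.32.0 0.0.1.255"])
# Constructed sample of routes that might arrive over tunnel0.
SAMPLE_ROUTES = ["10.64.32.0/23", "10.64.33.0/24", "10.64.34.0/24",
                 "192.168.16.0/24", "172.16.5.0/24"]

if __name__ == "__main__":
    print(wildcard_range("10.64.32.0", "0.0.1.255"))
    print(filter_routes(ROUTER2_ACL, SAMPLE_ROUTES))
    print(filter_routes(ROUTER2_NO_PERMIT, SAMPLE_ROUTES))
```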