I have a set of four routers at site 1 exchanging route information using EIGRP over Ethernet. There are two serial links from two of the routers to site 2, which also has four routers using the same EIGRP AS as the routers at site 1. The serial links are also included in the same EIGRP AS.
I want to set up a site-to-site VPN between two of the routers, one at each site; neither router directly attaches to the serial links.
My question is: How do I allow the port on the router used for the VPN to continue sending and receiving EIGRP updates? Will including in the ACL for the IPsec tunnel the rule:
deny ip 88 any any
do the trick? This will keep EIGRP updates out of the VPN tunnel between the two routers, but will the routing messages continue to be sent and received on the interfaces used for the VPN tunnel?