new at eigrp

Unanswered Question
Sep 12th, 2007

Hi,


I'm interested in working with EIGRP.

Now, on my network devices we use static routes (like always), but step by step, our network has been growing.


We have a Cisco 2821 and several delegations using a 1721.

There is an IPsec 3DES VPN established between all of them.

Posting a document, a user recommended that I use EIGRP.

Following the documentation, I configured all routers with the same "router eigrp 1", but then I have a doubt about configuring the network parameter.


The main LAN is 192.168.156.0, the first delegation 192.168.157.0, the second one 192.168.158.0, and up.


The VPN is established using DSL and LMDS lines.

What would be the correct "network" parameter?


Best regards

royalblues Wed, 09/12/2007 - 05:34

The network parameter should include the interfaces where you want to run EIGRP


Can you post your network topology?


IPSec may not work well with routing protocols which use multicasts like EIGRP


HTH

Narayan



edgar-quintana Wed, 09/12/2007 - 05:41

Ajammm.


Well, I have a problem adding a backup line (this problem was posted without resolution), and because of this I'm going crazy and searching for new routing protocols and more.

lgijssel Wed, 09/12/2007 - 05:39

Edgar, you will have to add all networks that have to be routed over this network.

However, I have my doubts as to whether this is going to work. This is because I know that multicasts (such as EIGRP updates) are not forwarded over an IPsec VPN.

To overcome this problem, Cisco has developed DMVPN where a GRE tunnel is used within the IPsec link to allow just this:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html


regards,

Leo

edgar-quintana Wed, 09/12/2007 - 05:47

Following my recent post, I only have to add a backup line.


There is a backup line configured, but when the first line does not work there is no backup...

lgijssel Wed, 09/12/2007 - 05:56

There may be static routes configured. Can you please post some configuration info?


regards,

Leo

edgar-quintana Wed, 09/12/2007 - 06:12

Main router:

Ésta es la configuración en ejecución de su router: 192.168.156.254


!----------------------------------------------------------------------------


!version 12.4


no service pad


service timestamps debug datetime msec localtime show-timezone


service timestamps log datetime msec localtime show-timezone


service password-encryption


service compress-config


service sequence-numbers


!


hostname vpn1


crypto isakmp policy 1


encr 3des


authentication pre-share


lifetime 28800


crypto isakmp key xxxxxxx address IP PUBLICA VPN2 no-xauth

crypto ipsec transform-set xxxxxxxxxxxx


crypto ipsec df-bit clear


crypto map cmap-dele 100 ipsec-isakmp


set peer IP PUBLICA VPN2

set transform-set xxxxx

match address 110


ip route IP PUBLICA VPN2 IP PUBLICA LINEA PRINCIPAL LMDS permanent


ip route IP PUBLICA VPN2 ATM0/3/0.1 150 permanent LINEA BACKUP


access-list 110 permit ip 192.168.156.0 0.0.0.255 192.168.157.0 0.0.0.255


--------------------------------------------------------------------------------


Second router:


Ésta es la configuración en ejecución de su router: 192.168.157.254


!----------------------------------------------------------------------------


!version 12.4


no service pad


service timestamps debug datetime msec localtime show-timezone


service timestamps log datetime msec localtime show-timezone


service password-encryption


service sequence-numbers


!


hostname vpn2


!

crypto isakmp policy 20


encr 3des


authentication pre-share


lifetime 28800

crypto isakmp key xxxxxxxx address IP PUBLICA PRINCIPAL xxxxxxx no-xauth


crypto isakmp key xxxxxxxx address IP PUBLICA BACKUP no-xauth


crypto ipsec transform-set xxxxxxxxx

crypto ipsec transform-set xxxxxxxxxxxxx

crypto ipsec df-bit clear


crypto map cmap-dele 100 ipsec-isakmp


description cedis-serlogis


set peer IP PUBLICA PRINCIPAL


set transform-set netlan


match address 110

crypto map cmap-dele 103 ipsec-isakmp


description BACKUP


set peer IP PUBLICA BACKUP


set transform-set netlan


match address 110


ip route 0.0.0.0 0.0.0.0 ATM0.1 permanent

access-list 110 permit ip 192.168.157.0 0.0.0.255 192.168.156.0 0.0.0.255


edgar-quintana Wed, 09/12/2007 - 06:13

Interfaces configuration:


VPN1

Code:

--------------------------------------------------------------------------------

interface GigabitEthernet0/0


description $ETH-LAN$$FW_INSIDE$


ip address 192.168.158.254 255.255.255.0 secondary


ip address 192.168.156.254 255.255.255.0


ip access-group 102 in


no ip redirects


no ip unreachables


no ip proxy-arp


ip nat inside


ip virtual-reassembly


ip route-cache flow


duplex auto


speed auto


no mop enabled


interface ATM0/3/0


no ip address


no ip redirects


no ip unreachables


no ip proxy-arp


ip route-cache flow


no atm ilmi-keepalive


dsl operating-mode auto


!


interface ATM0/3/0.1 point-to-point


description $FW_OUTSIDE$


ip address ip publica


ip access-group 105 in


ip verify unicast reverse-path


no ip redirects


no ip unreachables


no ip proxy-arp


ip nat outside


ip inspect SDM_HIGH out


ip virtual-reassembly


no snmp trap link-status


crypto map cmap-dele


service-policy input sdmappfwp2p_SDM_HIGH


service-policy output sdmappfwp2p_SDM_HIGH


pvc 8/32


encapsulation aal5snap


--------------------------------------------------------------------------------



VPN2


Code:

--------------------------------------------------------------------------------

interface ATM0


no ip address


no ip redirects


no ip unreachables


no ip proxy-arp


ip route-cache flow


no atm ilmi-keepalive


dsl operating-mode auto


!


interface ATM0.1 point-to-point


description $FW_OUTSIDE$


ip address ip publica


ip access-group 101 in


ip verify unicast reverse-path


no ip redirects


no ip unreachables


no ip proxy-arp


ip nbar protocol-discovery


ip nat outside


ip inspect SDM_LOW out


ip virtual-reassembly


no snmp trap link-status


crypto map cmap-dele


pvc 8/32


encapsulation aal5snap


!


!


interface FastEthernet0


description $ETH-LAN$$FW_INSIDE$


ip address 192.168.157.254 255.255.255.0


ip access-group 100 in


no ip redirects


no ip unreachables


no ip proxy-arp


ip nat inside


ip virtual-reassembly


ip route-cache flow


speed auto
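
Added example, not part of the thread or of anyone's posted configuration: a Python check of the point made in the replies that EIGRP multicasts do not cross this kind of IPsec VPN. It evaluates the crypto ACL 110 posted for vpn1 against an EIGRP hello and against the same hello carried in GRE, and lists which interfaces a "network" statement with a wildcard mask selects. The public addresses, Tunnel0 and the 10.0.0.0/30 tunnel subnet are assumed placeholders.

```python
import ipaddress

PROTO = {"ip": None, "tcp": 6, "gre": 47, "eigrp": 88}  # IP protocol numbers
EIGRP_HELLO_DST = "224.0.0.10"                           # EIGRP multicast group

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(entry, proto, src, dst):
    """entry = (proto, src, src_wc, dst, dst_wc) of one 'permit' line."""
    e_proto, e_src, e_swc, e_dst, e_dwc = entry
    proto_ok = PROTO[e_proto] is None or PROTO[e_proto] == PROTO[proto]
    return proto_ok and wc_match(src, e_src, e_swc) and wc_match(dst, e_dst, e_dwc)

def eigrp_interfaces(network, wildcard, interfaces):
    """Interfaces whose address falls inside 'network <net> <wildcard>'."""
    return [name for name, addr in interfaces.items()
            if wc_match(addr, network, wildcard)]

# Crypto ACL 110 as posted for vpn1.
ACL_110 = ("ip", "192.168.156.0", "0.0.0.255", "192.168.157.0", "0.0.0.255")

# Assumed values, not from the thread: documentation addresses stand in for the
# redacted public IPs, and Tunnel0 / 10.0.0.1 is a hypothetical GRE tunnel.
VPN1_PUBLIC, VPN2_PUBLIC = "198.51.100.1", "203.0.113.1"
ACL_GRE = ("gre", VPN1_PUBLIC, "0.0.0.0", VPN2_PUBLIC, "0.0.0.0")
VPN1_IFACES = {"GigabitEthernet0/0": "192.168.156.254",
               "ATM0/3/0.1": VPN1_PUBLIC,
               "Tunnel0": "10.0.0.1"}

def summary():
    return {
        # Ordinary LAN-to-LAN traffic is selected for encryption.
        "lan_to_lan": acl_permits(ACL_110, "tcp", "192.168.156.10", "192.168.157.20"),
        # An EIGRP hello goes to 224.0.0.10, so ACL 110 never selects it.
        "hello_plain": acl_permits(ACL_110, "eigrp", "192.168.156.254", EIGRP_HELLO_DST),
        # Inside GRE the hello is unicast protocol 47 between the two peers.
        "hello_in_gre": acl_permits(ACL_GRE, "gre", VPN1_PUBLIC, VPN2_PUBLIC),
        "lan_stmt": eigrp_interfaces("192.168.156.0", "0.0.0.255", VPN1_IFACES),
        "tunnel_stmt": eigrp_interfaces("10.0.0.0", "0.0.0.3", VPN1_IFACES),
    }

if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

The hello fails the ACL 110 match because its destination is the multicast group rather than the remote LAN, which is why neighbors would not form across the crypto map as posted.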

