Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
8
Replies

new at eigrp

edgar-quintana
Level 1
Level 1

‎09-12-2007 05:29 AM - edited ‎03-05-2019 06:26 PM

Hi,

I?m interested in working with eigrp.

Now, at my network devices we use static routes(like always), but step by step, our network has been increasing.

We have a 2821 cisco and several delagations using a 1721.

There is a vpn ipsec 3des vpn stablished between all of them.

Posting a document, a user recomended to me using eigrp.

Following the documentation I configured all routers with the same "router eigrp 1" but then there is a doubt configuring network parameter.

The main LAN is 192.168.156.0, first delegation 192.168.157.0 second one 192.168.158.0 and up.

The vpn is stablished using dsl and LMDS lines.

What would be the correct "network" parameter??

Best regards

Labels:
0 Helpful
8 Replies 8

royalblues
Level 10
Level 10

‎09-12-2007 05:34 AM

The network parameter should include the interfaces where you want to run EIGRP

Can you post your network topology?

IPSec may not work well with routing protocols which use multicasts like EIGRP

HTH

Narayan

0 Helpful

edgar-quintana
Level 1
Level 1
In response to royalblues

‎09-12-2007 05:41 AM

Ajammm.

Well I have a problem adding a backup line(this problem was posted without resolution) and because of this I?m crazy and search new routing protocols and more

0 Helpful

lgijssel
Level 9
Level 9

‎09-12-2007 05:39 AM

Edgar, you will have to add all networks that have to be routed over this network.

However, I have my doubst as to if this going to work. This is because I know that multicasts (such as eigrp updates) are not forwarded over an ipsec vpn.

To overcome this problem, Cisco has developed DMVPN where a GRE tunnel is used within the IPsec link to allow just this:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

regards,

Leo

0 Helpful

edgar-quintana
Level 1
Level 1
In response to lgijssel

‎09-12-2007 05:47 AM

Following my recent post, I only have to add a backup line.

There is a backu line configured but when the first line does not work there is not backup...

0 Helpful

lgijssel
Level 9
Level 9
In response to edgar-quintana

‎09-12-2007 05:56 AM

There may be static routes configured. Can you please post some configuration info?

regards,

Leo

0 Helpful

edgar-quintana
Level 1
Level 1
In response to lgijssel

‎09-12-2007 06:12 AM

Main router:

?sta es la configuraci?n en ejecuci?n de su router: 192.168.156.254

!----------------------------------------------------------------------------

!version 12.4

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service compress-config

service sequence-numbers

!

hostname vpn1

crypto isakmp policy 1

encr 3des

authentication pre-share

lifetime 28800

crypto isakmp key xxxxxxx address IP PUBLICA VPN2 no-xauth

crypto ipsec transform-set xxxxxxxxxxxx

crypto ipsec df-bit clear

crypto map cmap-dele 100 ipsec-isakmp

set peer IP PUBLICA VPN2

set transform-set xxxxx

match address 110

ip route IP PUBLICA VPN2 IP PUBLICA LINEA PRINCIPAL LMDS permanent

ip route IP PUBLICA VPN2 ATM0/3/0.1 150 permanent LINEA BACKUP

access-list 110 permit ip 192.168.156.0 0.0.0.255 192.168.157.0 0.0.0.255

--------------------------------------------------------------------------------

Second router:

?sta es la configuraci?n en ejecuci?n de su router: 192.168.157.254

!----------------------------------------------------------------------------

!version 12.4

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname vpn2

!

crypto isakmp policy 20

encr 3des

authentication pre-share

lifetime 28800

crypto isakmp key xxxxxxxx address IP PUBLICA PRINCIPAL xxxxxxx no-xauth

crypto isakmp key xxxxxxxx address IP PUBLICA BACKUP no-xauth

crypto ipsec transform-set xxxxxxxxx

crypto ipsec transform-set xxxxxxxxxxxxx

crypto ipsec df-bit clear

crypto map cmap-dele 100 ipsec-isakmp

description cedis-serlogis

set peer IP PUBLICA PRINCIPAL

set transform-set netlan

match address 110

crypto map cmap-dele 103 ipsec-isakmp

description BACKUP

set peer IP PUBLICA BACKUP

set transform-set netlan

match address 110

ip route 0.0.0.0 0.0.0.0 ATM0.1 permanent

access-list 110 permit ip 192.168.157.0 0.0.0.255 192.168.156.0 0.0.0.255

0 Helpful

edgar-quintana
Level 1
Level 1
In response to lgijssel

‎09-12-2007 06:13 AM

Interfaces configuration:

VPN1

C?digo:

--------------------------------------------------------------------------------

interface GigabitEthernet0/0

description $ETH-LAN$$FW_INSIDE$

ip address 192.168.158.254 255.255.255.0 secondary

ip address 192.168.156.254 255.255.255.0

ip access-group 102 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

no mop enabled

interface ATM0/3/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/3/0.1 point-to-point

description $FW_OUTSIDE$

ip address ip publica

ip access-group 105 in

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip inspect SDM_HIGH out

ip virtual-reassembly

no snmp trap link-status

crypto map cmap-dele

service-policy input sdmappfwp2p_SDM_HIGH

service-policy output sdmappfwp2p_SDM_HIGH

pvc 8/32

encapsulation aal5snap

--------------------------------------------------------------------------------

VPN2

C?digo:

--------------------------------------------------------------------------------

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

description $FW_OUTSIDE$

ip address ip publica

ip access-group 101 in

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly

no snmp trap link-status

crypto map cmap-dele

pvc 8/32

encapsulation aal5snap

!

!

interface FastEthernet0

description $ETH-LAN$$FW_INSIDE$

ip address 192.168.157.254 255.255.255.0

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

speed auto

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card