Routing loop EIGRP

ptenggren
Level 1

Hello,

Here is a short overview of the network:

Cisco1800 <---> ASA <---> INTERNET <---> Cisco871

The ASA-firewall and the Cisco871 hold an IPSec-tunnel over the Internet, and the Cisco1800 and Cisco871 run a GRE-tunnel inside the IPSec-tunnel. The routing protocol that runs is EIGRP, but OSPF between the 1800-router and the ASA-Firewall.

Fine, everything works perfectly, but last week I upgraded the ASA-firewall to version 8, which supports EIGRP, and tried to migrate from OSPF to EIGRP between the 1800-router and the ASA. After that the GRE-tunnel started to flap and I realized that a recursive route was the problem.

The configuration looks like this:

1800:

    interface Tunnel0
     description GRE tunnel.
     bandwidth 5000
     ip address 10.254.1.1 255.255.255.0
     no ip redirects
     ip mtu 1400
     tunnel source Loopback0
     tunnel destination 10.254.2.2
     tunnel key XXXX
    router eigrp 1
     redistribute static
     network 10.83.1.0 0.0.0.255
     network 10.254.1.0 0.0.0.255
     no auto-summary

871:

    interface Tunnel0
     description description GRE tunnel.
     bandwidth 5000
     ip address 10.254.1.2 255.255.255.0
     ip mtu 1400
     ip tcp adjust-mss 1360
     delay 1000
     tunnel source Loopback0
     tunnel destination 10.254.2.1
     tunnel key XXXX
    router eigrp 1
     network 10.84.1.0 0.0.0.255
     network 10.254.1.0 0.0.0.255
     no auto-summary


Kevin Dorrell
Level 10

Are your loopback interfaces 10.254.2.1 and 10.254.2.2 respectively? What mask do you have on them? At the moment I am failing to understand how the 1800 and the 871 find each other's loopbacks in order to form the tunnel at all.

Don't forget that OSPF will have distributed the routes to your loopbacks as /32 host routes. EIGRP will distribute them with their original masks. If you have put masks of /24 on them, the EIGRP will think they are on the same network.

Kevin Dorrell

Luxembourg

Hello Kevin,

It's correct that 10.254.2.1 and 10.254.2.2 are the loopback interfaces and the mask is 255.255.255.255.

FYI: The IPSec-tunnel is configured to encrypt traffic between the loopback interfaces.

So how does each router find the route to the tunnel endpoint in the remote router? On the 10.254.2.1 router, what is its show ip route 10.254.2.2 before the tunnel comes up?

I don't see why you should get tunnel flapping; the tunnel endpoints do not seem to be part of the EIGRP topology.

Kevin Dorrell

Luxembourg

>So how does each router find the route to the tunnel endpoint in the remote router?

The IPSec-tunnel, the ASA and C871 are the default gateways at each LAN.

>what is its show ip route 10.254.2.2

I can't give you that output right now because I rolled back the configuration.

I'm still not sure why your tunnel is flapping then. Your tunnel endpoints are not part of the EIGRP domain, so they cannot be learned through the tunnel itself, which is usually the reason for tunnel flapping.

Unless of course your default route is being distributed in EIGRP and learned through the tunnel, in which case the tunnel would flap if the tunnel end points were part of that default route.

One solution to that would be to make a static route specifically for your tunnel endpoints. Being more specific, that would take precedence over the default route learned through the tunnel.

Kevin Dorrell

Luxembourg
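
The case described in the reply above (a default route learned through the tunnel, then overridden by a more specific static route to the tunnel endpoint), as an added example that is not part of the original thread. The routing tables are constructed, `LAN` is a hypothetical interface name, and the addresses are the ones posted in the thread.

```python
import ipaddress

def best_route(rib, dest):
    """Longest-prefix match over (prefix, out_interface, source) entries."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in rib if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def tunnel_is_recursive(rib, tunnel_if, tunnel_dest):
    """True when the tunnel destination is reached through the tunnel itself."""
    route = best_route(rib, tunnel_dest)
    return route is not None and route[1] == tunnel_if

# Constructed tables for the 1800 (assumption: "LAN" is the interface facing the ASA).
TUNNEL_IF, TUNNEL_DEST = "Tunnel0", "10.254.2.2"
CONNECTED = [
    ("10.83.1.0/24", "LAN", "connected"),
    ("10.254.1.0/24", "Tunnel0", "connected"),
    ("10.254.2.1/32", "Loopback0", "connected"),
]
# Working state: the default route comes from the ASA on the LAN side.
RIB_DEFAULT_VIA_ASA = CONNECTED + [("0.0.0.0/0", "LAN", "ospf")]
# Suspected failure: the default route is learned from the EIGRP neighbour across the tunnel.
RIB_DEFAULT_VIA_TUNNEL = CONNECTED + [("0.0.0.0/0", "Tunnel0", "eigrp")]
# Suggested fix: a host route to the remote endpoint pointing at the ASA side.
RIB_WITH_STATIC = RIB_DEFAULT_VIA_TUNNEL + [("10.254.2.2/32", "LAN", "static")]

if __name__ == "__main__":
    for name, rib in [
        ("default via ASA", RIB_DEFAULT_VIA_ASA),
        ("default via tunnel", RIB_DEFAULT_VIA_TUNNEL),
        ("default via tunnel + /32 static", RIB_WITH_STATIC),
    ]:
        prefix, out_if, source = best_route(rib, TUNNEL_DEST)
        state = "RECURSIVE" if tunnel_is_recursive(rib, TUNNEL_IF, TUNNEL_DEST) else "ok"
        print(f"{name}: {TUNNEL_DEST} -> {prefix} via {out_if} ({source}) [{state}]")
```
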

Okay, thanks. I will make a new attempt this weekend, I hope.

This is the routing-conf on the box right now:

    ##### Cisco 1800 #####
    router eigrp 1
     redistribute static
     network 10.83.1.0 0.0.0.255
     network 10.254.1.0 0.0.0.255
     no auto-summary
    !
    router ospf 100
     log-adjacency-changes
     redistribute eigrp 1 subnets
     network 10.0.0.0 0.255.255.255 area 100
    ip route 192.168.10.0 255.255.255.0 10.83.1.253

    ##### ASA 5510 #####
    router ospf 100
     router-id 10.83.1.253
     network 10.83.1.0 255.255.255.0 area 100
     network 192.168.10.0 255.255.255.0 area 100
     area 100
     log-adj-changes
     default-information originate metric 1
    !
    route outside 0.0.0.0 0.0.0.0 213.X.X.X1

How would you write the EIGRP-conf between the ASA and the 1800 with this information?

192.168.10.0/24 is just a DMZ-network at the ASA.

anyone?
