IPsec problem

moses12315
Level 1

I configured IPsec AES MD5 between two routers. The access-list is this:

permit icmp any any

Works OK.

After that I configured the access-list as

permit ip any any .

The remote router does not get the routes from the Hub router.

I use the EIGRP protocol and the remote router is a stub router. Also, I use EIGRP MD5 authentication between the two routers.

What might be the problem?

Thanks a lot

moses.


2 Replies 2

royalblues
Level 10

EIGRP uses multicast for building adjacencies and IPsec does not support multicast. You might be required to use GRE over IPsec to support your configuration.

Alternatively, you can exclude EIGRP packets from being encrypted, e.g. something like this:

access-list 101 deny eigrp any any

access-list 101 permit ip any any

HTH

Narayan

Another thing you would change in the ACL is to deny traffic from the IPSEC source IP to the IPSEC destination IP so that the IKE negotiation happens; otherwise your IPSEC itself will not come up.

If you want to run EIGRP over IPSEC, maybe you should explore Virtual Tunnel Interfaces or Dynamic Multipoint VPN.
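
The two approaches from the replies, written out as IOS configuration for the hub side (an added example, not posted by any participant in the thread). The peer addresses, the tunnel subnet, ACL 102 and the names AES-MD5 and VPN are assumptions; the ISAKMP policy and pre-shared key from the poster's working setup are assumed to exist already.

```cisco
! Constructed example. 192.0.2.1 (hub) and 198.51.100.1 (remote) are
! placeholder peer addresses. The remote router needs the mirror-image ACLs.
!
! Crypto ACL semantics: "permit" = protect with IPsec, "deny" = send in
! clear text (it is not a drop). Entries are evaluated top-down, first match wins.
!
! --- Option A: keep "permit ip any any" but exclude IKE and EIGRP first ---
access-list 101 remark IKE between the peers stays outside the tunnel
access-list 101 deny   udp host 192.0.2.1 eq isakmp host 198.51.100.1 eq isakmp
access-list 101 remark EIGRP (IP protocol 88, hellos to 224.0.0.10) is not encrypted
access-list 101 deny   eigrp any any
access-list 101 remark Everything else is encrypted
access-list 101 permit ip any any
!
! Consequence of Option A: routing updates cross the path unencrypted.
! EIGRP MD5 authentication protects their integrity, not their confidentiality,
! so prefixes and metrics are readable by anyone on the path.
!
! --- Option B: GRE over IPsec, EIGRP runs inside the encrypted tunnel ---
interface Tunnel0
 description GRE tunnel to remote; EIGRP forms its adjacency here
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
! EIGRP multicast is wrapped in unicast GRE (IP protocol 47) before the
! crypto ACL is checked, so one narrow entry covers all tunnelled traffic.
access-list 102 remark Encrypt only the GRE tunnel between the two peers
access-list 102 permit gre host 192.0.2.1 host 198.51.100.1
!
! AES + MD5 as in the original post
crypto ipsec transform-set AES-MD5 esp-aes esp-md5-hmac
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set AES-MD5
 match address 102
```

With Option B, `show ip eigrp neighbors` should list the remote router on Tunnel0, and the encaps/decaps counters in `show crypto ipsec sa` should increase as hellos are exchanged.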
