IPsec problem

Unanswered Question
Jun 3rd, 2008

I configure IPsec AES MD5 between two routers. The access-list is this:

permit icmp any any

Works OK.

After that I configure the access-list as

permit ip any any

The remote router does not get the routes from the Hub router.

I use the EIGRP protocol and the remote router is a stub router. Also, I use EIGRP authentication (MD5) between the two routers.

What might be the problem?

Thanks a lot

moses.

Farrukh Haroon Tue, 06/03/2008 - 03:17

Perhaps you need to deny the routing protocol traffic at the start of the ACL?

deny eigrp any any (or more specific if you like)

Regards

Farrukh
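
How a crypto ACL classifies traffic under each of the three access lists mentioned in this thread, as an added example that is not part of any poster's reply. It models only first-match `permit`/`deny <protocol> any any` entries (permit selects the packet for IPsec, deny sends it in the clear); the packet list and function names are constructed for illustration.

```python
# Added illustration, not the posters' code. Models crypto ACL selection only:
# permit -> packet is selected for IPsec, deny or no match -> sent in the clear.

# IP protocol numbers: ICMP = 1, EIGRP = 88. "ip" matches every protocol.
PROTO = {"icmp": 1, "eigrp": 88, "ip": None}

def parse_acl(lines):
    """Parse 'permit|deny <proto> any any' entries (the only form in the thread)."""
    acl = []
    for line in lines:
        action, proto, src, dst = line.split()
        if action not in ("permit", "deny") or (src, dst) != ("any", "any"):
            raise ValueError(f"unsupported entry: {line!r}")
        if proto not in PROTO:
            raise ValueError(f"unknown protocol: {proto!r}")
        acl.append((action, PROTO[proto]))
    return acl

def crypto_decision(acl, packet_proto):
    """First matching entry wins; the implicit deny at the end means 'clear'."""
    for action, proto in acl:
        if proto is None or proto == packet_proto:
            return "encrypt" if action == "permit" else "clear"
    return "clear"

# Constructed sample traffic: (description, IP protocol number)
PACKETS = [("ICMP echo", 1), ("TCP session", 6), ("EIGRP hello to 224.0.0.10", 88)]

# The original ACL, the changed ACL, and the ACL with the suggested deny first.
ACLS = {
    "icmp only": ["permit icmp any any"],
    "ip any any": ["permit ip any any"],
    "deny eigrp first": ["deny eigrp any any", "permit ip any any"],
}

def evaluate(acl_lines):
    """Return {packet description: 'encrypt' | 'clear'} for one ACL."""
    acl = parse_acl(acl_lines)
    return {name: crypto_decision(acl, proto) for name, proto in PACKETS}

if __name__ == "__main__":
    for label, lines in ACLS.items():
        print(f"{label:17} {evaluate(lines)}")
```

Only the `permit ip any any` list selects the EIGRP hellos for encryption; with the ICMP-only list and with `deny eigrp any any` placed first they bypass the crypto map.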

michael.leblanc Tue, 06/03/2008 - 12:19

If you want to exchange dynamic routing protocol information between sites, shouldn't you be using GRE within the IPSec tunnel to facilitate the exchange of broadcasts?

I also think you should avoid using the keyword "any" in your crypto ACLs. I have read many Cisco documents that warn against its use.
