IPsec problem

moses12315
Level 1

I configured IPsec AES MD5 between two routers. The access-list is this:

permit icmp any any

Works OK.

After that I configured the access-list as

permit ip any any

The remote router does not get the routes from the Hub router.

I use the EIGRP protocol and the remote router is a stub router. Also, I use EIGRP authentication (MD5) between the two routers.

What might be the problem?

Thanks a lot

moses.

2 Replies

Farrukh Haroon
VIP Alumni

Perhaps you need to deny the routing protocol traffic at the start of the ACL?

deny eigrp any any (or more specific if you like)

Regards

Farrukh

michael.leblanc
Level 4

If you want to exchange dynamic routing protocol information between sites, shouldn't you be using GRE within the IPSec tunnel to facilitate the exchange of broadcasts?

I also think you should avoid using the keyword "any" in your crypto ACLs. I have read many Cisco documents that warn against its use.
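An added example, not part of any post in this thread: a simplified first-match model of the three crypto ACLs discussed above (the original, the changed one, and the one with the suggested `deny eigrp any any` first), showing which traffic each selects for IPsec. The packet samples and function names are constructed for illustration; the protocol numbers are the IANA values (ICMP 1, TCP 6, EIGRP 88).

```python
# Simplified model of crypto ACL evaluation (illustration only, not IOS code).
# In a crypto ACL, "permit" selects traffic for IPsec protection and "deny"
# leaves it outside the crypto policy; the first matching entry wins.
PROTO = {"icmp": 1, "tcp": 6, "eigrp": 88}  # IANA IP protocol numbers

def parse_acl(text):
    """Parse entries of the form '<permit|deny> <proto> any any'."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, dst = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        if (src, dst) != ("any", "any"):
            raise ValueError("this sketch only models 'any any' entries")
        rules.append((action, proto))
    return rules

def crypto_decision(rules, ip_proto):
    """Return 'protect' or 'bypass' for a packet with this IP protocol number."""
    for action, proto in rules:
        # 'ip' matches every IP protocol, including EIGRP (88).
        if proto == "ip" or PROTO[proto] == ip_proto:
            return "protect" if action == "permit" else "bypass"
    return "bypass"  # implicit deny at the end of every ACL

# Constructed sample packets: name -> IP protocol number
PACKETS = {"ping": 1, "tcp data": 6, "eigrp hello": 88}

ACLS = {
    "original": "permit icmp any any",
    "changed": "permit ip any any",
    "suggested": "deny eigrp any any\npermit ip any any",
}

def evaluate_all():
    """Decision for every sample packet under every ACL variant."""
    return {
        name: {pkt: crypto_decision(parse_acl(acl), num)
               for pkt, num in PACKETS.items()}
        for name, acl in ACLS.items()
    }

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name:10} {result}")
```

Only the changed ACL selects EIGRP packets for IPsec; the original never matched them, and the suggested ordering excludes them again while still protecting other IP traffic.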
