IPsec problem

Jun 3rd, 2008

I configured IPsec (AES, MD5) between two routers. The access list is this:

permit icmp any any

Works OK.

After that I configured the access list as

permit ip any any

The remote router does not get the routes from the hub router.

I use the EIGRP protocol and the remote router is a stub router. Also, I use EIGRP MD5 authentication between the two routers.

What might be the problem?

Thanks a lot

moses.

Overall Rating: 5 (2 ratings)
Farrukh Haroon Tue, 06/03/2008 - 03:17

Perhaps you need to deny the routing protocol traffic at the start of the ACL?


deny eigrp any any (or more specific if you like)


Regards


Farrukh

michael.leblanc Tue, 06/03/2008 - 12:19

If you want to exchange dynamic routing protocol information between sites, shouldn't you be using GRE within the IPSec tunnel to facilitate the exchange of broadcasts?


I also think you should avoid using the keyword "any" in your crypto ACLs. I have read many Cisco documents that warn against its use.
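
A hub-side sketch of the GRE suggestion in the reply above, added here as an example and not taken from any poster's configuration. The addresses, interface name, key strings, object names and EIGRP AS number 100 are assumptions; the crypto ACL matches only GRE between the two tunnel endpoints instead of `any any`, and EIGRP with MD5 authentication runs inside the tunnel.

```cisco
! Constructed example: addresses (RFC 5737 ranges), names, keys and the
! AS number are placeholders. Hub = 192.0.2.1, remote = 198.51.100.1.
!
! As posted in the question, every IP packet, EIGRP multicast hellos
! (IP protocol 88 to 224.0.0.10) included, is selected for encryption:
!   permit ip any any
!
! GRE approach: the crypto ACL names only the GRE flow between the
! tunnel endpoints, with no "any" keyword.
ip access-list extended CRYPTO-GRE
 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto isakmp policy 10
 encr aes
 hash md5
 authentication pre-share
crypto isakmp key EXAMPLE-PSK address 198.51.100.1
!
crypto ipsec transform-set AES-MD5 esp-aes esp-md5-hmac
 mode transport
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set AES-MD5
 match address CRYPTO-GRE
!
key chain EIGRP-KEYS
 key 1
  key-string EXAMPLE-EIGRP-KEY
!
! EIGRP neighbors form over the tunnel; GRE carries the multicast hellos.
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
! Hypothetical outside interface; the crypto map is applied here.
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
router eigrp 100
 network 172.16.0.0 0.0.0.3
 network 10.1.0.0 0.0.255.255
```

The remote router mirrors this with the peer, tunnel and ACL addresses swapped.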


