06-03-2008 12:08 AM - edited 02-21-2020 03:45 PM
I configured IPsec AES MD5 between two routers. The access list is this:
permit icmp any any
It works OK.
After that I configured the access list as
permit ip any any
The remote router does not get the routes from the hub router.
I use the EIGRP protocol and the remote router is a stub router. I also use EIGRP MD5 authentication between the two routers.
What might be the problem?
Thanks a lot
moses.
06-03-2008 03:17 AM
Perhaps you need to deny the routing protocol traffic at the start of the ACL?
deny eigrp any any (or more specific if you like)
Regards
Farrukh
06-03-2008 12:19 PM
If you want to exchange dynamic routing protocol information between sites, shouldn't you be using GRE within the IPSec tunnel to facilitate the exchange of broadcasts?
I also think you should avoid using the keyword "any" in your crypto ACLs. I have read many Cisco documents that warn against its use.
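The two suggestions in the replies above (GRE inside the IPsec tunnel, and no "any" in the crypto ACL), combined as an added example that is not part of the original thread or any poster's configuration. The addresses, interface names, EIGRP AS number, key-chain name and crypto map name are constructed for illustration, and ISAKMP (phase 1) and the key chain are assumed to be configured already:

```cisco
! Added example, hub side only; mirror the addresses on the remote router.
! Constructed values: hub 192.0.2.1, remote 198.51.100.1, tunnel 10.255.0.0/30.
!
! Broad crypto ACL from the question. It selects every IP packet for
! encryption, including EIGRP hellos (IP protocol 88 to 224.0.0.10):
!   ip access-list extended CRYPTO-ACL
!    permit ip any any
!
! Narrow crypto ACL: protect only GRE between the two tunnel endpoints.
ip access-list extended CRYPTO-ACL
 permit gre host 192.0.2.1 host 198.51.100.1
!
! AES with MD5, as in the original post.
crypto ipsec transform-set AES-MD5 esp-aes esp-md5-hmac
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set AES-MD5
 match address CRYPTO-ACL
!
! EIGRP runs over the GRE tunnel, so its multicast hellos are wrapped in
! unicast GRE, which is what the crypto ACL above matches.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
! Outside interface (name assumed) carries the crypto map.
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
router eigrp 100
 network 10.255.0.0 0.0.0.3
```

After applying a change like this, `show crypto ipsec sa` should list a single proxy identity pair for GRE between the two hosts, and `show ip eigrp neighbors` should show the peer on Tunnel0.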