06-03-2008 12:08 AM - edited 02-21-2020 03:45 PM
I configured IPsec (AES, MD5) between two routers. The access list is this:
permit icmp any any
It works OK.
After that I configured the access list as
permit ip any any
The remote router does not get the routes from the hub router.
I use the EIGRP protocol and the remote router is a stub router. I also use EIGRP MD5 authentication between the two routers.
What might be the problem?
Thanks a lot
moses.
06-03-2008 03:17 AM
Perhaps you need to deny the routing protocol traffic at the start of the ACL?
deny eigrp any any (or more specific if you like)
Regards
Farrukh
06-03-2008 12:19 PM
If you want to exchange dynamic routing protocol information between sites, shouldn't you be using GRE within the IPSec tunnel to facilitate the exchange of broadcasts?
I also think you should avoid using the keyword "any" in your crypto ACLs. I have read many Cisco documents that warn against its use.
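The two suggestions above combined, as an added hub-side example that is not part of any post in this thread: a GRE tunnel carries EIGRP, and the crypto ACL matches only GRE between the two tunnel endpoints instead of "any". All addresses, names, the EIGRP AS number, the interface, the pre-shared-key authentication and the key placeholders are assumptions; AES and MD5 are kept as in the original question.

```cisco
! Constructed addressing: hub WAN 192.0.2.1, spoke WAN 198.51.100.1,
! tunnel subnet 10.255.0.0/30, hub LAN 10.1.0.0/16 (all assumptions)
crypto isakmp policy 10
 encryption aes
 hash md5
 authentication pre-share
crypto isakmp key PLACEHOLDER_PSK address 198.51.100.1
!
crypto ipsec transform-set AES-MD5 esp-aes esp-md5-hmac
!
! Crypto ACL: only GRE between the two tunnel endpoints, no "any".
! EIGRP itself never appears here; it rides inside the GRE packets.
ip access-list extended GRE-HUB-SPOKE
 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set AES-MD5
 match address GRE-HUB-SPOKE
!
! EIGRP MD5 authentication, applied on the tunnel interface
key chain EIGRP-KEYS
 key 1
  key-string PLACEHOLDER_EIGRP_KEY
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
! WAN-facing interface (name is an assumption) carries the crypto map
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
! EIGRP runs over the tunnel subnet and advertises the hub LAN
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 10.1.0.0 0.0.255.255
```

The spoke mirrors this with the tunnel source/destination, peer address and ACL hosts swapped. `show crypto ipsec sa` and `show ip eigrp neighbors` confirm that GRE is being encrypted and that the adjacency forms across Tunnel0.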