11-04-2008 11:29 AM - edited 03-04-2019 12:11 AM
I have two routers connected via leased line and site-to-site VPN is implemented on this link ,also I configure EIGRP between the two routers and it is working fine...
my question is that is it possible to configure EIGRP over IPsec applied on this leased line???because what I knew is that for routing protocols GRE must be used??!!!
11-04-2008 11:48 AM
You have to use GRE to use EIGRP, and you have to have tunnel interfaces for this to work properly.
--John
11-04-2008 11:54 AM
but it is working properly without gre,this is confusing me!!!??I just configure normal site-to-site VPN over the lease line and I can see neighboring between the two routers.??!!!
11-04-2008 11:57 AM
What does your config look like?
11-04-2008 12:14 PM
the two routers connected as:
R1(s0/0)<----leased line----->R2(s0/0)
R1:
-----
crypto isakmp policy 1
encryption 3des
authentication pre-share
crypto isakmp key < > address x.x.x.x
crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac
access-list 101 permit ip 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255
crypto map Cryptomap1 10 ipsec-isakmp
set peer x.x.x.x
set transform-set mytransformset
match address 101
int s0/0
crypto map Cryptomap1
router eigrp 1
network 10.0.0.0
no auto summ
11-04-2008 12:17 PM
What is the addressing on your serial interfaces ?
Jon
11-04-2008 12:19 PM
One of these days Jon, I may beat you to the punch. ;-) Good question!
--John
11-04-2008 12:26 PM
Think you already have in a couple of posts :-)
I was just wondering because if the serial interfaces fall into the 10.x.x.x range then over a leased line it will form an EIGRP neighborship which is nothing to do with the VPN tunnel.
Jon
11-04-2008 12:18 PM
What is the result of:
sh ip eigrp neigh
sh ip route eigrp
11-04-2008 12:59 PM
the serial interface use a diffrent subnet
neighbor is the ip address of the serial interface of the remote router,,,and the all networks have the remote router ip address as next hop,..
11-04-2008 01:06 PM
I hate to say it but sometimes this site is little confusing... LOL
Are you saying that you've found a way to get a routing protocol to work across a VPN L2L IPSEC tunnel?
I was under the impression that this wouldn't work.
11-04-2008 01:53 PM
Yes but what is the exact addressing ie. if it is 10.x.x.x anything then EIGRP will run on that interface and will form a neighborship with the other router.
Jon
11-04-2008 01:59 PM
It will form a relationship but the routing table would be empty because of the multicast issues with EIGRP right?
11-04-2008 02:09 PM
the routing table is not empty all the network appear with next hop -->ip address of the remote router....
lets say I want to configure GRE over IPsec where shall I apply the crypto map..I see some document apply it to tunnel other apply to tunnel&physical and other applying it on physical only???...also the access list in most documents contains only the tunnel source and destination IP's ??is this right??what about the internal network shall I include it in the access-list or it is not necessary??see the below link:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml
11-04-2008 02:13 PM
Sorry I must have gotten lost somewhere in the thread. So you are using GRE over IPSEC?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide