Site-to-site VPN + routing protocol

mohammady
Level 1

I have two routers connected via a leased line, and a site-to-site VPN is implemented on this link. I also configured EIGRP between the two routers and it is working fine...

My question is: is it possible to configure EIGRP over IPsec applied on this leased line? What I knew is that for routing protocols GRE must be used.


John Blakley
VIP Alumni

You have to use GRE to use EIGRP, and you have to have tunnel interfaces for this to work properly.

--John

HTH, John *** Please rate all useful posts ***

But it is working properly without GRE, and this is confusing me! I just configured a normal site-to-site VPN over the leased line, and I can see neighboring between the two routers.

What does your config look like?

HTH, John *** Please rate all useful posts ***

The two routers are connected as:

R1(s0/0)<----leased line----->R2(s0/0)

R1:
-----
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
crypto isakmp key < > address x.x.x.x
crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac
access-list 101 permit ip 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255
crypto map Cryptomap1 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set mytransformset
 match address 101
int s0/0
 crypto map Cryptomap1
router eigrp 1
 network 10.0.0.0
 no auto summ

What is the addressing on your serial interfaces?

Jon

One of these days Jon, I may beat you to the punch. ;-) Good question!

--John

HTH, John *** Please rate all useful posts ***

Think you already have in a couple of posts :-)

I was just wondering because if the serial interfaces fall into the 10.x.x.x range then over a leased line it will form an EIGRP neighborship which is nothing to do with the VPN tunnel.

Jon
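Added example, not part of the thread: a Python sketch of the point in the post above, evaluating the posted crypto ACL 101 against a few packets to show that EIGRP packets (multicast to 224.0.0.10, or unicast between the serial addresses) never match it and so cross the leased line outside the IPsec tunnel. The packet addresses are constructed (192.0.2.x stands in for the serial addressing, which the thread does not give) and the function names are hypothetical.

```python
import ipaddress

# ACL 101 as posted in the thread (referenced by "match address 101" in the crypto map).
CRYPTO_ACL = ["access-list 101 permit ip 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255"]

# Constructed sample packets (source, destination); not taken from the thread.
SAMPLE_PACKETS = {
    "lan_to_lan": ("10.10.0.5", "10.20.0.9"),
    "eigrp_hello_multicast": ("192.0.2.1", "224.0.0.10"),
    "eigrp_update_unicast": ("192.0.2.1", "192.0.2.2"),
    "eigrp_hello_from_lan_range": ("10.10.0.1", "224.0.0.10"),
}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC SRC_WILD DST DST_WILD' entries."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError("unsupported ACL line: " + line)
        entries.append((tok[2],) + tuple(to_int(t) for t in tok[4:8]))
    return entries

def wildcard_match(addr, base, wild):
    # Cisco wildcard masks flag the bits to ignore, the inverse of a netmask.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def is_encrypted(entries, src, dst):
    """True if the crypto map would put this outbound packet into the tunnel."""
    s, d = to_int(src), to_int(dst)
    for action, sbase, swild, dbase, dwild in entries:
        if wildcard_match(s, sbase, swild) and wildcard_match(d, dbase, dwild):
            return action == "permit"
    return False  # implicit deny: the packet is forwarded, but unencrypted

def classify(packets=SAMPLE_PACKETS):
    entries = parse_acl(CRYPTO_ACL)
    return {name: is_encrypted(entries, s, d) for name, (s, d) in packets.items()}

if __name__ == "__main__":
    for name, enc in classify().items():
        print(f"{name:28} {'ESP (encrypted)' if enc else 'clear text'}")
```

Only the LAN-to-LAN flow is selected for encryption; every EIGRP packet falls through to the implicit deny whatever its source address, because the destination never lies in 10.20.0.0/24.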

What is the result of:

sh ip eigrp neigh

sh ip route eigrp

HTH, John *** Please rate all useful posts ***

The serial interface uses a different subnet.

The neighbor is the IP address of the serial interface of the remote router, and all the networks have the remote router's IP address as next hop.

I hate to say it but sometimes this site is a little confusing... LOL

Are you saying that you've found a way to get a routing protocol to work across a VPN L2L IPSEC tunnel?

I was under the impression that this wouldn't work.

Yes, but what is the exact addressing? I.e. if it is 10.x.x.x anything then EIGRP will run on that interface and will form a neighborship with the other router.

Jon

It will form a relationship but the routing table would be empty because of the multicast issues with EIGRP, right?

The routing table is not empty; all the networks appear with next hop --> IP address of the remote router.

Let's say I want to configure GRE over IPsec: where shall I apply the crypto map? I see some documents apply it to the tunnel, others apply it to both tunnel and physical, and others apply it on the physical only. Also, the access list in most documents contains only the tunnel source and destination IPs. Is this right? What about the internal network: shall I include it in the access list, or is it not necessary? See the link below:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml

Sorry I must have gotten lost somewhere in the thread. So you are using GRE over IPSEC?
