11-04-2008 11:29 AM - edited 03-04-2019 12:11 AM
I have two routers connected via leased line and site-to-site VPN is implemented on this link ,also I configure EIGRP between the two routers and it is working fine...
my question is that is it possible to configure EIGRP over IPsec applied on this leased line???because what I knew is that for routing protocols GRE must be used??!!!
11-04-2008 11:48 AM
You have to use GRE to use EIGRP, and you have to have tunnel interfaces for this to work properly.
--John
11-04-2008 11:54 AM
but it is working properly without gre,this is confusing me!!!??I just configure normal site-to-site VPN over the lease line and I can see neighboring between the two routers.??!!!
11-04-2008 11:57 AM
What does your config look like?
11-04-2008 12:14 PM
the two routers connected as:
R1(s0/0)<----leased line----->R2(s0/0)
R1:
-----
crypto isakmp policy 1
encryption 3des
authentication pre-share
crypto isakmp key < > address x.x.x.x
crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac
access-list 101 permit ip 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255
crypto map Cryptomap1 10 ipsec-isakmp
set peer x.x.x.x
set transform-set mytransformset
match address 101
int s0/0
crypto map Cryptomap1
router eigrp 1
network 10.0.0.0
no auto summ
11-04-2008 12:17 PM
What is the addressing on your serial interfaces ?
Jon
11-04-2008 12:19 PM
One of these days Jon, I may beat you to the punch. ;-) Good question!
--John
11-04-2008 12:26 PM
Think you already have in a couple of posts :-)
I was just wondering because if the serial interfaces fall into the 10.x.x.x range then over a leased line it will form an EIGRP neighborship which is nothing to do with the VPN tunnel.
Jon
11-04-2008 12:18 PM
What is the result of:
sh ip eigrp neigh
sh ip route eigrp
11-04-2008 12:59 PM
the serial interface use a diffrent subnet
neighbor is the ip address of the serial interface of the remote router,,,and the all networks have the remote router ip address as next hop,..
11-04-2008 01:06 PM
I hate to say it but sometimes this site is little confusing... LOL
Are you saying that you've found a way to get a routing protocol to work across a VPN L2L IPSEC tunnel?
I was under the impression that this wouldn't work.
11-04-2008 01:53 PM
Yes but what is the exact addressing ie. if it is 10.x.x.x anything then EIGRP will run on that interface and will form a neighborship with the other router.
Jon
11-04-2008 01:59 PM
It will form a relationship but the routing table would be empty because of the multicast issues with EIGRP right?
11-04-2008 02:09 PM
the routing table is not empty all the network appear with next hop -->ip address of the remote router....
lets say I want to configure GRE over IPsec where shall I apply the crypto map..I see some document apply it to tunnel other apply to tunnel&physical and other applying it on physical only???...also the access list in most documents contains only the tunnel source and destination IP's ??is this right??what about the internal network shall I include it in the access-list or it is not necessary??see the below link:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml
11-04-2008 02:13 PM
Sorry I must have gotten lost somewhere in the thread. So you are using GRE over IPSEC?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: