EIGRP tunnel question

Answered Question
Jan 6th, 2010

Greetings,

For infrastructure traffic <-> routerA <-> FW <-> routerB, if both routers are using EIGRP, apart from asking the FW to open a hole for EIGRP communication, can I use an EIGRP tunnel?

I am a little confused. If I do use the EIGRP tunnel, will it tunnel all traffic and bypass the firewall? Can I make the tunnel carry only the EIGRP routing protocol traffic, so that all user traffic still gets checked by the firewall?

If it is the correct method to use, please advise me with an example configuration.

Any comments will be appreciated.

Thanks in advance

Marwan ALshawi Wed, 01/06/2010 - 21:43

The traffic will go through the tunnel and the ASA will see only GRE traffic!

I think the new ASA software has support for EIGRP; you may configure the ASA to be part of the network.

Or, if you are looking to have the network (from an L3 perspective) as if there is no firewall in the path, you could configure your ASA firewall in transparent mode. In this mode the ASA will look like a switch; I mean the L3 routers will not see it in the path and they can communicate as if directly connected to the same subnet. However, the ASA will do firewalling in the path.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

good luck

if helpful Rate
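
To illustrate the point in the reply above that the ASA sees only GRE traffic, here is an added example (not part of the original post) that parses two constructed GRE-encapsulated packets, an EIGRP hello and a user TCP packet, and compares what a filter matching on the outer IP header sees with what is carried inside. The addresses are assumed documentation values standing in for routerA, routerB and the networks behind them.

```python
import socket
import struct

GRE, EIGRP, TCP = 47, 88, 6  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) for an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("bad IPv4 length fields")
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:total]

def gre_payload(gre):
    """Strip a GRE header (RFC 2784/2890); return (ethertype, inner bytes)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", gre[:4])
    # Optional 4-byte fields: checksum (C), key (K), sequence number (S).
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return ethertype, gre[offset:]

def firewall_view(pkt):
    """(src, dst, protocol) as seen by a filter matching the outer header only."""
    return parse_ipv4(pkt)[:3]

def inner_view(pkt):
    """(src, dst, protocol) of the carried packet, visible only after decapsulation."""
    proto, payload = parse_ipv4(pkt)[2:]
    if proto != GRE:
        return firewall_view(pkt)
    ethertype, inner = gre_payload(payload)
    if ethertype != 0x0800:
        raise ValueError("inner payload is not IPv4")
    return firewall_view(inner)

# Constructed sample packets, headers only; all addresses are assumed values.
GRE_HDR = struct.pack("!HH", 0, 0x0800)
hello = ipv4("192.0.2.1", "192.0.2.2", GRE, GRE_HDR + ipv4("10.0.0.1", "224.0.0.10", EIGRP))
user = ipv4("192.0.2.1", "192.0.2.2", GRE, GRE_HDR + ipv4("10.1.1.5", "10.2.2.9", TCP))

if __name__ == "__main__":
    for name, pkt in (("EIGRP hello", hello), ("user TCP", user)):
        print(name, "outer:", firewall_view(pkt), "inner:", inner_view(pkt))
```

Both packets present the same outer tuple (tunnel endpoints, protocol 47), so a rule that permits GRE between the two routers cannot tell routing updates from user traffic that is routed into the tunnel.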

julxu Thu, 01/07/2010 - 20:24

Great thanks for the reply.

However, I do not have control of the firewall box. But I want to find out if I can run EIGRP on the routers at both sides of the firewall, and pass the routing table over. Is it impossible?

How about I use iBGP on both ends, and at my end run EIGRP and iBGP, and let iBGP pass the required routing table to the other end?

Please advise,

Thanks in advance

Correct Answer
Marwan ALshawi Thu, 01/07/2010 - 23:01

In general, if you have a firewall in between, you can do one of the following:

- use a GRE tunnel to bypass the firewall and make sure the firewall permits GRE traffic

- let the firewall participate in the routing

- use the firewall in transparent mode

Can you post your diagram of the network to understand it in more detail?
