EIGRP tunnel question

Jan 6th, 2010

Greeting


For infrastructure traffic <-> routerA <-> FW <-> routerB, if both routers are using EIGRP, other than asking the FW to open a hole for EIGRP communication, can I use an EIGRP tunnel?


I am a little confused: if I do use the EIGRP tunnel, will it tunnel all traffic, bypassing the firewall? Can I make the tunnel carry only the EIGRP routing protocol traffic, so all user traffic will get checked by the firewall?


If it is the correct method to use, please advise me with an example configuration.


Any comment will be appreciated


Thanks in advance

Marwan ALshawi Wed, 01/06/2010 - 21:43

The traffic will go through the tunnel and the ASA will see only GRE traffic!


I think the new ASA software has support for EIGRP; you may configure the ASA to be part of the network.


Or, if you are looking to have the network (from an L3 perspective) as if there is no firewall in the path, you could configure your ASA firewall in transparent mode. In this mode the ASA will look like a switch; I mean the L3 routers will not see it in the path and they can communicate as if directly connected to the same subnet. However, the ASA will do firewalling in the path.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml



good luck

if helpful Rate

julxu Thu, 01/07/2010 - 20:24

Great thanks for the reply.


However, I do not have control of the firewall box. But I want to find out if I can run EIGRP on the routers on both sides of the firewall and pass the routing table over. Is it impossible?


How about I use iBGP on both ends, and at my end run EIGRP and iBGP, and let iBGP pass the required routing table to the other end?


Please advise,


Thanks in advance

Correct Answer
Marwan ALshawi Thu, 01/07/2010 - 23:01

In general, if you have a firewall in between,


you can do one of the following:


- use a GRE tunnel to bypass the firewall, and make sure the firewall permits GRE traffic

- let the firewall participate in the routing

- use the firewall in transparent mode


Can you post your diagram of the network so I can understand it in more detail?
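
The first option in the answer above (a GRE tunnel between the two routers with EIGRP running over it), sketched as an added IOS configuration example that is not part of the original thread. All addresses, interface names and the EIGRP AS number 100 are constructed assumptions; 192.0.2.2 and 198.51.100.2 stand in for the firewall's two interfaces.

```cisco
! ---------- routerA (constructed values throughout) ----------
interface GigabitEthernet0/0
 description Link toward FW
 ip address 192.0.2.1 255.255.255.252
!
interface Tunnel0
 description GRE to routerB across FW (default mode is GRE over IP)
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
!
! Reach the far tunnel endpoint with a static route via the FW, so the
! tunnel destination is never learned through the tunnel itself
! (avoids recursive routing taking the tunnel down)
ip route 198.51.100.1 255.255.255.255 192.0.2.2
!
router eigrp 100
 ! EIGRP runs on the tunnel and the local LAN only, not on the FW-facing link
 network 10.255.0.0 0.0.0.3
 network 10.1.0.0 0.0.255.255
 no auto-summary
!
! ---------- routerB (mirror of routerA) ----------
interface GigabitEthernet0/0
 description Link toward FW
 ip address 198.51.100.1 255.255.255.252
!
interface Tunnel0
 description GRE to routerA across FW
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
!
ip route 192.0.2.1 255.255.255.255 198.51.100.2
!
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 10.2.0.0 0.0.255.255
 no auto-summary
!
! The FW must permit IP protocol 47 (GRE) between 192.0.2.1 and 198.51.100.1
```

`show ip eigrp neighbors` on either router should list the peer at its tunnel address once GRE is permitted. Routes learned this way point at Tunnel0, so user traffic between the two LANs is also carried inside GRE and the firewall sees only GRE, as the first reply in the thread says.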
