We have two 3620 routers connected via a wireless bridge (350) link, and are trying to encrypt all traffic going across the link. Without the crypto map enabled, everything works fine, including EIGRP routing. However, when we apply the crypto map, routing seems to break, but packets are still getting encrypted. Are there any rules or caveats when trying to encrypt all traffic, including routing updates? We are doing a straight IPSec tunnel, not IPSec over GRE. Thanks.
EIGRP uses multicast packets to send routing updates. Multicast and broadcast packets do NOT go over a standard IPSec tunnel; there is nothing in the specification that ever allowed for that. To get multicast packets over an IPSec tunnel, you have to use a GRE/IPSec tunnel, so the multicast packets are placed inside a unicast GRE packet which can then be encrypted successfully.
Don't worry about the IPX stuff (GRE also allows you to encrypt non-IP traffic). Note how the 10.1.1.0 network on the GRE tunnel interfaces is part of the EIGRP process; that'll ensure that EIGRP is sent over the tunnel correctly. You'll then find all your remote routes over the tunnel interface, and your normal IP traffic will go over this also, all encrypted.
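The GRE/IPSec arrangement described in the replies above, as an added one-router sketch; it is not the sample config the reply refers to and not code from either poster. Apart from the 10.1.1.0 tunnel network, every value is an assumption: the /30 mask, the 192.0.2.x link addresses, the 172.16.1.0 LAN, EIGRP AS 100, the interface names, the policy settings and the placeholder key.

```cisco
! Added example: GRE over IPSec so that EIGRP multicast crosses the link.
! All addresses, names and the key are constructed placeholders.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
crypto isakmp key REPLACE-WITH-SHARED-KEY address 192.0.2.2
!
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 ! GRE endpoints are also the IPSec peers, so transport mode is sufficient
 mode transport
!
! The crypto ACL matches only the unicast GRE packets between the two
! physical addresses. EIGRP hellos and updates are already inside GRE
! by the time this ACL is evaluated.
access-list 110 permit gre host 192.0.2.1 host 192.0.2.2
!
crypto map LINK-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set GRE-TS
 match address 110
!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.2
!
interface FastEthernet0/0
 description Link to wireless bridge
 ip address 192.0.2.1 255.255.255.252
 crypto map LINK-MAP
!
router eigrp 100
 ! Tunnel subnet is in the EIGRP process so the adjacency forms over Tunnel0
 network 10.1.1.0 0.0.0.3
 network 172.16.1.0 0.0.0.255
 no auto-summary
```

The far-end router mirrors this with the addresses swapped. `show ip eigrp neighbors` should then list the peer on Tunnel0, and `show crypto ipsec sa` should show the encaps/decaps counters rising while routing updates are exchanged.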
It looks like my config is identical to the config you sent me, except the subnet being used on the tunnel interfaces is not part of the EIGRP process. I'm using a private address range (/30) for the tunnels, and we do not want to route private addresses into the network behind the router on the local (HQ) side. Are there any ways around this? I was thinking of just changing the tunnel subnet to a public IP range. Thanks.