EIGRP thru site-to-site IPSec VPN

Having trouble getting EIGRP to work through an IOS (2 ea. 2811s) site-to-site IPSec VPN peer connection. IPSec VPN is working with tunneled static route statements. Using the basic IPSec policy and VTI interface:

crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key "  " address 192.168.x.66
!
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
crypto ipsec df-bit set
!
crypto map static-crypt 6 ipsec-isakmp
 set peer 192.168.x.66
 set transform-set vpn
 match address 101
!
interface tunnel1
 ip address 1xx.33.20.226 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 qos pre-classify
 tunnel source FastEthernet 0/0
 tunnel destination 192.168.x.66
 crypto map static-crypto
!
interface FastEthernet 0/0
 ip add....
 crypto map static-crypto
!
router eigrp 10
 passive-interface default
 no passive-interface FastEthernet 0/1
 no passive-interface Tunnel1
 network ....
 network.....
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Tunnel1
ip route 0.0.0.0 0.0.0.0 146.33.20.225 <-- peer's default-gateway is VPN peer router on other side of satellite connection.

Must be something simple, but I don't see it.

Thanks, kevin

Accepted Solutions

Re: EIGRP thru site-to-site IPSec VPN

Not familiar with VTIs, but I think you're missing:

tunnel mode ipsec ipv4

tunnel protection ipsec profile

Also don't think you need crypto map on tunnel since it's already on fa0/0.  What does access-list 101 look like? Take a look at this doc:

http://www.ciscosystems.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html
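
A minimal static VTI sketch for one router, built from the two commands named in this answer and the values in the original post; it is an added example, not configuration from either poster or from the linked Cisco guide. The profile name VTI-PROFILE and the bracketed placeholders are assumptions, and the redacted addresses are kept as posted.

```cisco
! Added example: static VTI carrying EIGRP. VTI-PROFILE is a hypothetical name.
! Transform set and DH group are kept as posted (3DES and group 2 are legacy algorithms).
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 192.168.x.66
!
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
! The IPsec profile replaces the crypto map entry: it has no "set peer" and no
! "match address", because the tunnel interface itself defines the peer and
! everything routed into the tunnel is protected.
crypto ipsec profile VTI-PROFILE
 set transform-set vpn
!
interface Tunnel1
 ip address 1xx.33.20.226 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel destination 192.168.x.66
 ! The two commands named in the answer. Without them the tunnel defaults to GRE
 ! and is not bound to IPsec.
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! In this sketch no crypto map is applied to Tunnel1 or FastEthernet0/0;
! tunnel protection does that job for the VTI.
!
router eigrp 10
 passive-interface default
 no passive-interface Tunnel1
 ! Assumption: a network statement must cover the Tunnel1 subnet so that EIGRP
 ! sends multicast hellos over the tunnel (the post elides its network lines).
 network <TUNNEL-SUBNET> <WILDCARD-MASK>
 no auto-summary
```

The peer router needs the mirror-image configuration. `show crypto ipsec sa` and `show ip eigrp neighbors` on either side show whether the security associations are up and whether the adjacency has formed across Tunnel1.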
