Cisco Support Community

IPsec problem

I configured IPsec AES MD5 between two routers. The access-list is this:

permit icmp any any

Works OK.

After that I configured the access-list as

permit ip any any

The remote router does not get the routes from the Hub router.

I use the EIGRP protocol and the remote router is a stub router. Also, I use EIGRP MD5 authentication between the two routers.

What might be the problem?

Thanks a lot

moses.

2 REPLIES

Re: IPsec problem

Perhaps you need to deny the routing protocol traffic at the start of the ACL?

deny eigrp any any (or more specific if you like)

Regards

Farrukh

Re: IPsec problem

If you want to exchange dynamic routing protocol information between sites, shouldn't you be using GRE within the IPSec tunnel to facilitate the exchange of broadcasts?

I also think you should avoid using the keyword "any" in your crypto ACLs. I have read many Cisco documents that warn against its use.
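
The two suggestions from the replies, written out as an IOS configuration for one side of the link. This is an added example, not configuration posted by anyone in the thread; the addresses, interface names, ACL numbers, the names TS and CM, and EIGRP AS 100 are all assumptions.

```cisco
! Constructed example: 192.0.2.0/30 (outside link), 10.255.0.0/30 (tunnel),
! Serial0/0, Tunnel0, TS, CM, ACLs 110/120 and AS 100 are assumed values.
!
! Option A (first reply): exempt EIGRP before the broad permit.
! First match wins, so EIGRP is never selected for encryption. It then
! leaves unencrypted, which only forms a neighbor if the two routers are
! directly adjacent on the link. The peer needs the same ACL.
access-list 110 deny   eigrp any any
access-list 110 permit ip any any
!
! Option B (second reply): GRE inside IPsec, with no "any" in the crypto ACL.
crypto isakmp policy 10
 encryption aes
 hash md5
 authentication pre-share
crypto isakmp key <PRE_SHARED_KEY> address 192.0.2.2
!
crypto ipsec transform-set TS esp-aes esp-md5-hmac
!
! Only GRE between the two tunnel endpoints is selected for encryption;
! the peer uses the same entry with source and destination swapped.
access-list 120 permit gre host 192.0.2.1 host 192.0.2.2
!
crypto map CM 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS
 match address 120
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 192.0.2.2
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map CM
!
! EIGRP runs on the tunnel subnet, so its multicast hellos are carried
! inside GRE and encrypted along with the rest of the tunnel traffic.
router eigrp 100
 network 10.255.0.0 0.0.0.3
 no auto-summary
```

With either option, `show crypto ipsec sa` shows which traffic selectors are actually protected and `show ip eigrp neighbors` shows whether the adjacency formed.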
