Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

eigrp tunnel question

Greeting

for infrastructure traffic <->routerA<->FW<->routerB, and if both router using eigrp, except ask FW to open a hole for eigrp communication though, can I use eigrp tunnel?

I am a little confused, if I do use the eigrp tunnel, will it tunnel all traffic bypass the Firewall? can I only make turnnel with the routing protocol eigrp traffic only, so all user traffic will get firewall checked?

If it is correct method to use, please advice me an example of configuration.

Any comment will be appreciated

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions

Re: eigrp tunnel question

in general if you have a firewall in between

you can do one of the following:

- use  a gre tunnel to bypass the firewall and make sure the firewall permit gre traffic

- let the firewall participate in the routing

- use the firewall in transparent mode

can you post your diagram of the network to understand it in more detail

3 REPLIES

Re: eigrp tunnel question

the traffic will go through the tunnel and the ASA will see only gre traffic !!

i think the new ASA software has support to eigrp you may configure the ASA to be part of the network

of if you looking to have the network (L3 perspectives) as there is no firewall in the path you could configure your ASA firewall in transparent mode int this mode the ASA will looks like a switch i mean L3 routers will not see it in the path and they can communicant as directly connected to the same subnet however the ASA will do firewalling in the path

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

good luck

if helpful Rate

New Member

Re: eigrp tunnel question

Great thanks for the reply.

However, I do not have control on the firewall box. But, I want find out if I can run eigrp on routers at both site of firewall, and pass the routing table over. is it inposible?

how about I use ibgp on both end, and at my end run eigrp and ibgp? and let ibgp pass the required routing table to another end?

Please advice,

Thanks in advance

Re: eigrp tunnel question

in general if you have a firewall in between

you can do one of the following:

- use  a gre tunnel to bypass the firewall and make sure the firewall permit gre traffic

- let the firewall participate in the routing

- use the firewall in transparent mode

can you post your diagram of the network to understand it in more detail

279
Views
5
Helpful
3
Replies