Cisco Support Community

IPsec problem

I configured IPsec (AES, MD5) between two routers. The access-list is this:

permit icmp any any

Works OK.

After that I configured the access-list as

permit ip any any

The remote router does not get the routes from the hub router.

I use the EIGRP protocol and the remote router is a stub router. Also, I use EIGRP authentication (MD5) between the two routers.

What might be the problem?

Thanks a lot

moses.

1 ACCEPTED SOLUTION

Re: IPsec problem

Another thing you would change in the ACL is to deny traffic from the IPsec source IP to the IPsec destination IP so that the IKE negotiation happens; otherwise your IPsec itself will not come up.

If you want to run EIGRP over IPsec, maybe you should explore Virtual Tunnel Interfaces or Dynamic Multipoint VPN.
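
A static Virtual Tunnel Interface setup of the kind suggested above, as an added example that is not part of any poster's reply. It keeps the AES/MD5 choice and EIGRP MD5 authentication from the question; the addresses (documentation ranges), AS number, key strings, DH group and all object names are assumptions. Because the tunnel is a routed interface, EIGRP hellos sent on it are encrypted with everything else and no crypto ACL is involved.

```cisco
! Hub side of a static VTI (constructed example). The spoke mirrors it with
! the two public addresses swapped and tunnel address 10.255.0.2.
! 192.0.2.1 = hub, 192.0.2.2 = spoke (documentation addresses).
! "group 14" is an assumption; the thread does not name a DH group.
crypto isakmp policy 10
 encryption aes
 hash md5
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PSK address 192.0.2.2
!
crypto ipsec transform-set AES-MD5 esp-aes esp-md5-hmac
!
crypto ipsec profile VTI-PROFILE
 set transform-set AES-MD5
!
! EIGRP MD5 authentication, as described in the question
key chain EIGRP-KEYS
 key 1
  key-string EXAMPLE-EIGRP-KEY
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
 tunnel source 192.0.2.1
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
router eigrp 100
 network 10.255.0.0 0.0.0.3
 no auto-summary
! On the spoke only, under "router eigrp 100":
!  eigrp stub connected summary
```

After both sides are configured, `show crypto ipsec sa` and `show ip eigrp neighbors` confirm that the SAs are up and that the adjacency formed across Tunnel0.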

2 REPLIES

Re: IPsec problem

EIGRP uses multicast for building adjacencies and IPsec does not support multicast. You might be required to use GRE over IPsec to support your configuration.

Alternatively, you can exclude EIGRP packets from being encrypted, e.g. something like this:

access-list 101 deny eigrp any any

access-list 101 permit ip any any

HTH

Narayan
