https://community.cisco.com/t5/network-security/allow-eigrp-through-the-pix/m-p/483822#M532133 <HTML><HEAD></HEAD><BODY><P>To permit outbound eigrp you will need to add</P><P></P><P>access-list inside permit eigrp any any</P><P></P><P>to establish the neighbors on seperate subnets, on the routers add the eigrp nieghbor command </P><P></P><P>neighbor x.x.x.x (the ip of the peer router)</P><P></P><P>note that using the neighbor command can cause some undesireable results by disabling the processing or sending of multicast packets on that eigrp interface. The last link below provide additional info on that.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb733.html" target="_blank">http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb733.html</A></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d02a.html#wp1076355" target="_blank">http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d02a.html#wp1076355</A></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml" target="_blank">http://www.cisco.com/en/US/customer/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml</A></P></BODY></HTML> Fri, 07 Oct 2005 17:45:43 GMT bobd 2005-10-07T17:45:43Z https://community.cisco.com/t5/network-security/allow-eigrp-through-the-pix/m-p/483821#M532131 <P>I have a customer who wants to allow EIGRP through the PIX. I have tried this in my lab (one router on PIX inside and another router on PIX outside) and can't get it to work. I also put the two routers on the same subnet (changed the IP address of one) and verified EIGRP was working correctly on each router. </P><P></P><P>Here's the relevant portions of the PIX config:</P><P></P><P>access-list outside permit icmp any any </P><P>access-list outside permit tcp any host 172.16.1.22 eq www </P><P>access-list outside permit eigrp any any </P><P>access-list outside permit ip any host 224.0.0.10 </P><P>access-list inside permit ip any any </P><P>ip address outside 172.16.1.1 255.255.255.0</P><P>ip address inside 10.1.1.1 255.255.255.0</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>static (inside,outside) 172.16.1.22 10.1.1.2 netmask 255.255.255.255 0 0 </P><P>static (inside,outside) 172.16.1.5 10.1.1.5 netmask 255.255.255.255 0 0 </P><P>static (inside,outside) 224.0.0.10 224.0.0.10 netmask 255.255.255.255 0 0 </P><P>access-group outside in interface outside</P><P>access-group inside in interface inside</P><P></P><P>I don't say this is a wise thing to do, I just want to know if it's possible. After all, the PIX accepts 'eigrp' as a keyword.</P> Fri, 21 Feb 2020 08:27:00 GMT https://community.cisco.com/t5/network-security/allow-eigrp-through-the-pix/m-p/483821#M532131 jvhaysx 2020-02-21T08:27:00Z https://community.cisco.com/t5/network-security/allow-eigrp-through-the-pix/m-p/483822#M532133 <HTML><HEAD></HEAD><BODY><P>To permit outbound eigrp you will need to add</P><P></P><P>access-list inside permit eigrp any any</P><P></P><P>to establish the neighbors on seperate subnets, on the routers add the eigrp nieghbor command </P><P></P><P>neighbor x.x.x.x (the ip of the peer router)</P><P></P><P>note that using the neighbor command can cause some undesireable results by disabling the processing or sending of multicast packets on that eigrp interface. The last link below provide additional info on that.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb733.html" target="_blank">http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb733.html</A></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d02a.html#wp1076355" target="_blank">http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d02a.html#wp1076355</A></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml" target="_blank">http://www.cisco.com/en/US/customer/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml</A></P></BODY></HTML> Fri, 07 Oct 2005 17:45:43 GMT https://community.cisco.com/t5/network-security/allow-eigrp-through-the-pix/m-p/483822#M532133 bobd 2005-10-07T17:45:43Z