Control plane traffic, including routing protocols, is denied in the ACL for the encryption policy. In effect, GET VPN assumes a functioning routed network outside the encryption domain. You of course have the option to protect EIGRP with keys to authenticate routing updates between authorized peers.
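
The configuration described above, as an added example that is not part of the original post. The ACL, group, profile and key-chain names, the group identity number, EIGRP AS 100, the 10.0.0.0/8 addressing, the interface and the key string are placeholders, and the IPsec profile is assumed to be defined elsewhere on the key server.

```cisco
! --- Key server: encryption policy pushed to group members ---
! Deny entries are matched first, so this traffic is sent in the clear
! and routing adjacencies form independently of the group SA.
ip access-list extended GETVPN-POLICY
 ! Routing protocols stay outside the encryption domain
 deny   eigrp any any
 deny   ospf any any
 deny   tcp any any eq bgp
 deny   tcp any eq bgp any
 ! GDOI registration and rekey (UDP 848) is control plane as well
 deny   udp any eq 848 any eq 848
 ! Everything else between protected sites is encrypted (assumed range)
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-POLICY
!
! --- Group member: authenticate the EIGRP updates left in the clear ---
key chain EIGRP-KEYS
 key 1
  key-string <REPLACE-WITH-SHARED-SECRET>
!
interface GigabitEthernet0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
```

Classic-mode EIGRP only offers MD5 here; EIGRP named mode also supports `authentication mode hmac-sha-256` under the af-interface.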