06-02-2008 11:57 PM - edited 03-03-2019 10:12 PM
I configured IPsec (AES, MD5) between two routers. The access list is this:
permit icmp any any
It works OK.
After that I configured the access list as
permit ip any any
The remote router does not get the routes from the Hub router.
I use the EIGRP protocol and the remote router is a stub router. I also use EIGRP MD5 authentication between the two routers.
What might be the problem?
Thanks a lot
moses.
06-03-2008 03:03 AM
EIGRP uses multicast for building adjacencies and IPsec does not support multicast. You might be required to use GRE over IPsec to support your configuration.
Alternatively you can exclude EIGRP packets from being encrypted, e.g. something like this:
access-list 101 deny eigrp any any
access-list 101 permit ip any any
HTH
Narayan
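Added example (not part of the original posts): a minimal first-match model of the crypto ACLs quoted in this thread, showing which packets each ACL selects for IPsec protection. It handles only "<proto> any any" entries; the sample packets, their unicast addresses and the function names are constructed for illustration.

```python
from dataclasses import dataclass

# IANA IP protocol numbers for the keywords used in the thread's ACLs.
PROTO = {"icmp": 1, "udp": 17, "eigrp": 88}

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str

def parse_ace(line):
    """Parse '[access-list N] permit|deny <proto> any any' into (action, proto)."""
    words = line.split()
    if words[0] == "access-list":
        words = words[2:]                      # drop 'access-list 101'
    action, proto, src, dst = words
    if action not in ("permit", "deny") or (src, dst) != ("any", "any"):
        raise ValueError(f"unsupported ACE: {line!r}")
    if proto != "ip" and proto not in PROTO:
        raise ValueError(f"unknown protocol: {proto!r}")
    return action, None if proto == "ip" else PROTO[proto]   # 'ip' = any protocol

def selected_for_ipsec(acl_lines, pkt):
    """In a crypto ACL, permit means 'protect with IPsec'; deny means 'send in clear'."""
    for action, proto in map(parse_ace, acl_lines):
        if proto is None or proto == pkt.proto:
            return action == "permit"          # first matching entry wins
    return False                               # implicit deny: not protected

# Constructed sample packets: an EIGRP hello to the EIGRP multicast group, and a ping.
EIGRP_HELLO = Packet(PROTO["eigrp"], "10.0.0.1", "224.0.0.10")
PING = Packet(PROTO["icmp"], "10.0.0.1", "10.0.0.2")

ACLS = {
    "icmp only": ["permit icmp any any"],
    "ip any any": ["permit ip any any"],
    "exclude eigrp": ["access-list 101 deny eigrp any any",
                      "access-list 101 permit ip any any"],
}

def summarize(acl_lines):
    return {"eigrp_hello": selected_for_ipsec(acl_lines, EIGRP_HELLO),
            "ping": selected_for_ipsec(acl_lines, PING)}

if __name__ == "__main__":
    for name, acl in ACLS.items():
        print(f"{name:14} {summarize(acl)}")
```

Only the "permit ip any any" ACL selects the multicast EIGRP hello for encryption, which is the configuration under which the remote router stopped learning routes.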
06-03-2008 07:38 AM
Another thing you would change in the ACL is to deny traffic from the IPsec source IP to the IPsec destination IP so that the IKE negotiation happens; otherwise your IPsec itself will not come up.
If you want to run EIGRP over IPsec, maybe you should explore Virtual Tunnel Interfaces or Dynamic Multipoint VPN.