11-19-2002 12:13 PM - edited 02-20-2020 10:23 PM
Is it true that in order to run EIGRP over a site-to-site VPN, one needs to run GRE, because from what I read, IPsec doesn't support multiprotocol?
But then, my headquarters has a PIX Firewall, where I was thinking of terminating 8 IPsec tunnels from the remote offices. I read that PIX Firewalls and VPN Concentrators don't support GRE. Are there any alternatives?
11-19-2002 03:57 PM
You can terminate the IPsec tunnel on the PIX, but you still need to have a router behind the PIX to terminate the GRE tunnel.
Something similar to the sample configuration below:
http://www.cisco.com/warp/public/707/gre_ipsec_ospf.html
Hope this helps,
-Nairi
01-14-2003 11:11 AM
We build the GRE to the MSFCs on the 6500 inside the firewall. It works quite well, as the previous post mentioned.
01-20-2003 03:37 PM
GRE is needed, as IPsec does not support the multicast needed for dynamic routing protocols such as EIGRP.
Depending on your remotes and routing plan, Reverse Route Injection (RRI) may be an option if you don't need to run "full" dynamic routing on both endpoints. RRI is available on IOS VPN Routers and the VPN3000 Concentrator.
Also, a PIX Firewall is OK as a site-to-site VPN head-end; however, an IOS VPN Router at the head-end more readily supports hub-and-spoke/site-to-site VPN topologies, especially when spoke-to-spoke traffic is required.
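The design described in the replies above, sketched from the remote-office side as an added example (not taken from any post in this thread or from the linked Cisco document): the IOS spoke router builds GRE to a router behind the head-end PIX, and IPsec protects only that GRE flow, with the PIX as the IPsec peer. All addresses, names, the EIGRP AS number and the key are constructed placeholders, and the PIX is assumed to carry the mirrored crypto ACL.

```cisco
! Constructed spoke-router example; every address, name and key is a placeholder.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_PSK address 192.0.2.1
!
! Tunnel mode (the default) is required here: the IPsec peer (the PIX)
! is a different device from the GRE endpoint (the router behind it).
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
! The crypto ACL matches only unicast GRE between the two GRE endpoints.
! EIGRP multicast hellos ride inside GRE, so IPsec never sees multicast.
access-list 110 permit gre host 10.1.255.1 host 10.0.0.2
!
crypto map TO-HQ 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set GRE-TS
 match address 110
!
interface Loopback0
 ip address 10.1.255.1 255.255.255.255
!
interface Tunnel0
 description GRE to the router behind the head-end PIX
 ip address 172.16.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.0.0.2
!
interface FastEthernet0/0
 description Internet-facing interface
 ip address 198.51.100.2 255.255.255.0
 crypto map TO-HQ
!
! Pin the GRE destination to the outside path. If it were learned through
! Tunnel0 via EIGRP, the tunnel would flap with a recursive-routing error.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 10.0.0.2 255.255.255.255 198.51.100.1
!
! EIGRP runs on the tunnel and the local LAN only, never on the outside interface.
router eigrp 100
 network 172.16.0.0 0.0.0.3
 network 10.1.1.0 0.0.0.255
 no auto-summary
```

Because the ACL permits only GRE between the two hosts, any LAN traffic that is not routed into Tunnel0 leaves the outside interface unencrypted, so verify with `show crypto ipsec sa` that the encapsulation counters rise when EIGRP neighbors form.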