09-12-2007 05:29 AM - edited 03-05-2019 06:26 PM
Hi,
I?m interested in working with eigrp.
Now, at my network devices we use static routes(like always), but step by step, our network has been increasing.
We have a 2821 cisco and several delagations using a 1721.
There is a vpn ipsec 3des vpn stablished between all of them.
Posting a document, a user recomended to me using eigrp.
Following the documentation I configured all routers with the same "router eigrp 1" but then there is a doubt configuring network parameter.
The main LAN is 192.168.156.0, first delegation 192.168.157.0 second one 192.168.158.0 and up.
The vpn is stablished using dsl and LMDS lines.
What would be the correct "network" parameter??
Best regards
09-12-2007 05:34 AM
The network parameter should include the interfaces where you want to run EIGRP
Can you post your network topology?
IPSec may not work well with routing protocols which use multicasts like EIGRP
HTH
Narayan
09-12-2007 05:41 AM
Ajammm.
Well I have a problem adding a backup line(this problem was posted without resolution) and because of this I?m crazy and search new routing protocols and more
09-12-2007 05:39 AM
Edgar, you will have to add all networks that have to be routed over this network.
However, I have my doubst as to if this going to work. This is because I know that multicasts (such as eigrp updates) are not forwarded over an ipsec vpn.
To overcome this problem, Cisco has developed DMVPN where a GRE tunnel is used within the IPsec link to allow just this:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html
regards,
Leo
09-12-2007 05:47 AM
Following my recent post, I only have to add a backup line.
There is a backu line configured but when the first line does not work there is not backup...
09-12-2007 05:56 AM
There may be static routes configured. Can you please post some configuration info?
regards,
Leo
09-12-2007 06:00 AM
09-12-2007 06:12 AM
Main router:
?sta es la configuraci?n en ejecuci?n de su router: 192.168.156.254
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
!
hostname vpn1
crypto isakmp policy 1
encr 3des
authentication pre-share
lifetime 28800
crypto isakmp key xxxxxxx address IP PUBLICA VPN2 no-xauth
crypto ipsec transform-set xxxxxxxxxxxx
crypto ipsec df-bit clear
crypto map cmap-dele 100 ipsec-isakmp
set peer IP PUBLICA VPN2
set transform-set xxxxx
match address 110
ip route IP PUBLICA VPN2 IP PUBLICA LINEA PRINCIPAL LMDS permanent
ip route IP PUBLICA VPN2 ATM0/3/0.1 150 permanent LINEA BACKUP
access-list 110 permit ip 192.168.156.0 0.0.0.255 192.168.157.0 0.0.0.255
--------------------------------------------------------------------------------
Second router:
?sta es la configuraci?n en ejecuci?n de su router: 192.168.157.254
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname vpn2
!
crypto isakmp policy 20
encr 3des
authentication pre-share
lifetime 28800
crypto isakmp key xxxxxxxx address IP PUBLICA PRINCIPAL xxxxxxx no-xauth
crypto isakmp key xxxxxxxx address IP PUBLICA BACKUP no-xauth
crypto ipsec transform-set xxxxxxxxx
crypto ipsec transform-set xxxxxxxxxxxxx
crypto ipsec df-bit clear
crypto map cmap-dele 100 ipsec-isakmp
description cedis-serlogis
set peer IP PUBLICA PRINCIPAL
set transform-set netlan
match address 110
crypto map cmap-dele 103 ipsec-isakmp
description BACKUP
set peer IP PUBLICA BACKUP
set transform-set netlan
match address 110
ip route 0.0.0.0 0.0.0.0 ATM0.1 permanent
access-list 110 permit ip 192.168.157.0 0.0.0.255 192.168.156.0 0.0.0.255
09-12-2007 06:13 AM
Interfaces configuration:
VPN1
C?digo:
--------------------------------------------------------------------------------
interface GigabitEthernet0/0
description $ETH-LAN$$FW_INSIDE$
ip address 192.168.158.254 255.255.255.0 secondary
ip address 192.168.156.254 255.255.255.0
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
interface ATM0/3/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/3/0.1 point-to-point
description $FW_OUTSIDE$
ip address ip publica
ip access-group 105 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect SDM_HIGH out
ip virtual-reassembly
no snmp trap link-status
crypto map cmap-dele
service-policy input sdmappfwp2p_SDM_HIGH
service-policy output sdmappfwp2p_SDM_HIGH
pvc 8/32
encapsulation aal5snap
--------------------------------------------------------------------------------
VPN2
C?digo:
--------------------------------------------------------------------------------
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$
ip address ip publica
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
no snmp trap link-status
crypto map cmap-dele
pvc 8/32
encapsulation aal5snap
!
!
interface FastEthernet0
description $ETH-LAN$$FW_INSIDE$
ip address 192.168.157.254 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
speed auto
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide