Solved: Problems with EIGRP

samipk1234 · ‎08-31-2021

I have been stumped with this problem I have between routers and I hope some of you gurus can help as you are my last hope.

The Problem

Above is my lab setup, below is the problem I am having

Router R3 is unable to communicate with the internal ips of R4, also getting retry limit exceeding messages on R3.
Router R4 is only sending Hello packets and not receiving any.
Both of them can ping each other on the 192.168.31.0 ips
R4 can ping 192.168.10.0 ips of R3 but not the 10.10.10.0 ips

Below are the Errors

R3#%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.31.164 (FastEthernet0/0) is down: retry limit exceeded
R3# %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.31.164 (FastEthernet0/0) is up: new adjacency

R3#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100

2 192.168.31.164 Fa0/0 11 00:00:03 1 3000 2 0
1 20.20.20.2 Se0/1 12 01:33:03 5 200 0 8
0 10.10.10.2 Se0/0 13 01:33:03 1 200 0 7

R4#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100

What I have as configuration:

I am using NAT on R3 as well as configured isakmp vpn on both of the routers which of course isnt working as both of them cant communicate well.
I have access-lists on R3 routers for NAT named NAT_ALLOWED_ADDRESS and access-list 100 for vpn, both pasted below

ip access-list standard NAT_ALLOWED_ADDRESS
permit 192.168.0.0 0.0.255.255
permit 20.20.0.0 0.0.255.255
permit 10.10.0.0 0.0.255.255
permit 192.158.15.0 0.0.0.255
permit 192.168.15.0 0.0.0.255

access-list 100 permit ip 192.168.10.0 0.0.0.255 192.158.15.0 0.0.0.255
access-list 100 permit ip 10.10.0.0 0.0.255.255 192.158.15.0 0.0.0.255

I have access-list100 on R4 for vpn, pasted below

access-list 100 permit ip 192.168.31.0 0.0.0.255 192.158.15.0 0.0.0.255
access-list 100 permit ip 192.158.15.0 0.0.0.255 10.10.0.0 0.0.255.255

The Copy of R3 Configuation

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R3
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup

ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip tcp synwait-time 5
!
crypto isakmp policy 1

authentication pre-share
crypto isakmp key cisco address 192.168.31.164
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto map MYMAP 1 ipsec-isakmp
set peer 192.168.31.164
set transform-set MYSET
match address 100
!
interface FastEthernet0/0
ip address 192.168.31.163 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map MYMAP

interface Serial0/0
ip address 10.10.10.1 255.255.0.0
ip nat inside
ip virtual-reassembly
clock rate 2000000
!
!
interface Serial0/1
ip address 20.20.20.1 255.255.0.0
ip nat inside
ip virtual-reassembly
clock rate 2000000

router eigrp 100
network 10.10.0.0 0.0.255.255
network 20.20.0.0 0.0.255.255
network 192.168.31.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.31.1
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT_ALLOWED_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ALLOWED_ADDRESS
permit 192.168.0.0 0.0.255.255
permit 20.20.0.0 0.0.255.255
permit 10.10.0.0 0.0.255.255
permit 192.158.15.0 0.0.0.255
permit 192.168.15.0 0.0.0.255
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.158.15.0 0.0.0.255

access-list 100 permit ip 10.10.0.0 0.0.255.255 192.158.15.0 0.0.0.255
no cdp log mismatch duplex
!

The Copy of R4 Configuation

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup

ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip tcp synwait-time 5
!
crypto isakmp policy 1

authentication pre-share
crypto isakmp key cisco address 192.168.31.163
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto map MYMAP 1 ipsec-isakmp
set peer 192.168.31.163
set transform-set MYSET
match address 100
!
!
interface FastEthernet0/0
ip address 192.168.31.164 255.255.255.0
duplex auto
speed auto
crypto map MYMAP

interface FastEthernet0/1
ip address 192.158.15.1 255.255.255.0
duplex auto
speed auto

router eigrp 100
network 192.158.15.0
network 192.168.31.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.31.1
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip 192.168.31.0 0.0.0.255 192.158.15.0 0.0.0.255
access-list 100 permit ip 192.158.15.0 0.0.0.255 10.10.0.0 0.0.255.255
no cdp log mismatch duplex

Giuseppe Larosa · ‎09-01-2021

Hello @samipk1234 ,

remove the crypto map configuration and try again.

consider also to remove the NAT configuration,

You need to start from a basic setup and then add one feature at a time.

Clearly one of the two features listed above is interfering with EIGRP causing EIGRP neighborship to fail to form.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎09-01-2021

Hello @samipk1234 ,

remove the crypto map configuration and try again.

consider also to remove the NAT configuration,

You need to start from a basic setup and then add one feature at a time.

Clearly one of the two features listed above is interfering with EIGRP causing EIGRP neighborship to fail to form.

Hope to help

Giuseppe

samipk1234 · ‎09-01-2021

I will try by removing the VPN configuration, also can you please tell me if maybe it's necessary to have NAT enabled on both R3 and R4 for them to communicate?

Giuseppe Larosa · ‎09-01-2021

Hello @samipk1234 ,

as far as I can see there is no need for NAT in your lab.

By the way using EIGRP would mean you have something to advertise ( IP prefixes or subnets)

So NAT could make EIGRP useless

Hope to help

Giuseppe

MHM Cisco World · ‎09-01-2021

if the multicast is OK and unicast is not check the SW connect both router, check the VLAN config if you config router in stick.

samipk1234 · ‎09-02-2021

I ended up deleting my NAT config and everything works.