05-01-2005 06:27 AM - edited 02-21-2020 01:45 PM
Why cant routing protocols like EIGRP and OSPF be tunneled through IPSec?
Apart from the GRE over IPSec, is there another solution for the same?
05-01-2005 12:04 PM
Routing protocols like EIGRP and OSPF use multicast packets for their hello messages etc. IPSec processes unicast IP packets. That is why you can not run the routing protocols directly over native IPSec tunnels.
The GRE and IPSec tunnels are the only way that I know to run a routing protocol over IPSec protected connections.
HTH
Rick
05-06-2005 09:03 AM
As stated before most routing protocols use multicast to transmit routing information and IPSEC was created for use with IP Unicast only. Depending on your VPN network design you should be able to use Reverse Route Injection instead of running the routing protocol across your VPN links. Of course the other way is to use IPSEC over GRE, which allows you to encapsulate a variety of protocols (not just IP Unicast). The following in a link to a Cisco Reverse Route Injection document.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide