cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
634
Views
0
Helpful
1
Replies

EIGRP thru site-to-site IPSec VPN

KSVY_KSVY_2
Level 1
Level 1

having trouble getting EIGRP to work through a IOS (2ea. 2811s) site to site IPSec VPN peer connection.  IPSec VPN is working with tunneled static route statements.  Using the basic IPSec policy and VTI interface:

crypto isakmp policy 1

authentication pre-share

group 2

crypto isakmp key "  " address 192.168.x.66

!

crypto ipsec transform-set vpn esp-3des esp-sha-hmac

crypto ipsec df-bit set

!

crypto map static-crypt 6 ipsec-isakmp

set peer 192.168.x.66

set transform-set vpn

match address 101

!

interface tunnel1

ip address 1xx.33.20.226 255.255.255.252

no ip redirects

ip mtu 1400

ip tcp adjust-mss 1360

qos pre-classify

tunnel source FastEthernet 0/0

tunnel destination 192.168.x.66

crypto map static-crypto

!

interface FastEthernet 0/0

ip add....

crypto map static-crypto

!

router eigrp 10

passive-interface default

no passive-interface FastEthernet 0/1

no passive-interface Tunnel1

network ....

network.....

no auto-summary

!

ip route 0.0.0.0 0.0.0.0 Tunnel1

ip route 0.0.0.0 0.0.0.0 146.33.20.225 <-- peer's default-gateway is VPN peer router on other side of satelite conection.

must be something simple, but I don't see it.

thanks, kevin

1 Accepted Solution

Accepted Solutions

droeun141
Level 1
Level 1

Not familiar with VTI's, but I think you're missing:

tunnel mode ipsec ipv4

tunnel protection ipsec profile

Also don't think you need crypto map on tunnel since it's already on fa0/0.  What does access-list 101 look like? Take a look at this doc:

http://www.ciscosystems.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

View solution in original post

1 Reply 1

droeun141
Level 1
Level 1

Not familiar with VTI's, but I think you're missing:

tunnel mode ipsec ipv4

tunnel protection ipsec profile

Also don't think you need crypto map on tunnel since it's already on fa0/0.  What does access-list 101 look like? Take a look at this doc:

http://www.ciscosystems.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: