Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
684
Views
0
Helpful
1
Replies

EIGRP thru site-to-site IPSec VPN

Go to solution
KSVY_KSVY_2
Level 1
Level 1

‎04-15-2010 10:20 PM - edited ‎02-21-2020 04:36 PM

having trouble getting EIGRP to work through a IOS (2ea. 2811s) site to site IPSec VPN peer connection.  IPSec VPN is working with tunneled static route statements.  Using the basic IPSec policy and VTI interface:

crypto isakmp policy 1

authentication pre-share

group 2

crypto isakmp key "  " address 192.168.x.66

!

crypto ipsec transform-set vpn esp-3des esp-sha-hmac

crypto ipsec df-bit set

!

crypto map static-crypt 6 ipsec-isakmp

set peer 192.168.x.66

set transform-set vpn

match address 101

!

interface tunnel1

ip address 1xx.33.20.226 255.255.255.252

no ip redirects

ip mtu 1400

ip tcp adjust-mss 1360

qos pre-classify

tunnel source FastEthernet 0/0

tunnel destination 192.168.x.66

crypto map static-crypto

!

interface FastEthernet 0/0

ip add....

crypto map static-crypto

!

router eigrp 10

passive-interface default

no passive-interface FastEthernet 0/1

no passive-interface Tunnel1

network ....

network.....

no auto-summary

!

ip route 0.0.0.0 0.0.0.0 Tunnel1

ip route 0.0.0.0 0.0.0.0 146.33.20.225 <-- peer's default-gateway is VPN peer router on other side of satelite conection.

must be something simple, but I don't see it.

thanks, kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
droeun141
Level 1
Level 1

‎04-16-2010 04:49 AM

Not familiar with VTI's, but I think you're missing:

tunnel mode ipsec ipv4

tunnel protection ipsec profile

Also don't think you need crypto map on tunnel since it's already on fa0/0.  What does access-list 101 look like? Take a look at this doc:

http://www.ciscosystems.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

View solution in original post

0 Helpful
1 Reply 1

Go to solution
droeun141
Level 1
Level 1

‎04-16-2010 04:49 AM

Not familiar with VTI's, but I think you're missing:

tunnel mode ipsec ipv4

tunnel protection ipsec profile

Also don't think you need crypto map on tunnel since it's already on fa0/0.  What does access-list 101 look like? Take a look at this doc:

http://www.ciscosystems.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

0 Helpful
Customers Also Viewed These Support Documents