cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
663
Views
0
Helpful
4
Replies

Site to Site VPN and EIGRP

collinsjl
Level 1
Level 1

We have 2 ASA's,

5515X running 9.1(5)

and an old 5510 8.2(5)

 

There is a switch stack behind each on them on the inside with EIGRP 200 running.  I set up EIGRP 200 on both ASA's but the neighbor state does not come up with the Site to Site VPN.  What are the steps to allow that to happen.

rc1asa01(config)# sh eigrp neighbors AT&T_1
EIGRP-IPv4 neighbors for process 200
 EIGRP not enabled on requested interface


rc1asa01(config)# sh eigrp neighbors        
EIGRP-IPv4 neighbors for process 200
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq 

                                                         (sec)               (ms)            Cnt Num
0   10.40.1.1                inside           13                 1w1d 1   200   0   10525

 

Once I get that to work I need to address the backhaul T-1 that goes between the sites and is runing EIGRP 200 as well.  I am hopping that once I get the protocol working between the Site to Site VPN the variance will kick in and the route will be selected to go out the SITE to Site VPN with the T-1 as a backup.

 

 

 

 

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

You can't form a neighbor adjacency on your outside interface since the remote ASA is across your ISP's WAN.

You have to setup static routes with weights and possibly object tracking (ip sla) to accomplish what you're describing.

There has got to be a work around.  If you can get EIGRP up in a GRE tunnel why cant I use the Site to Site VPN to do the same thing?

The only workaround you can have is to run OSPF on the WAN link and follow this configuration guide.

 

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63882-gre-ipsec-ospf.html

 

With EIGRP the only workaround is encapsulating the packets with GRE and you will need routers for that.

 

Best Regards,

 

Yamil

I will see if I can lab that up.  Thanks.  Figure they would have a more up to date doc though that covers 9.X and ASDM 7.X