using eigrp via tunnel

amir_sp Member Posts: 9 ■□□□□□□□□□
Hi dudes,
I have 30 tunnels from the central office to my branches.
Is it possible to use EIGRP via tunnel? If yes, how?
Any suggestions?

Comments

  • Hondabuff Member Posts: 667 ■■■□□□□□□□
    Tunnels have to be changed to GRE with IPSec.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • amir_sp Member Posts: 9 ■□□□□□□□□□
    Could you give me more information?
  • Hondabuff Member Posts: 667 ■■■□□□□□□□
    Regular IPSec VPN tunnels do not support multicast. GRE VPN tunnels support multicast which is what routing protocols run on.
  • Dieg0M Member Posts: 861
    What kind of tunnels?

    @Hondabuff, you can run routing protocols like OSPF on IPSec without GRE.
    Follow my CCDE journey at www.routingnull0.com
  • amir_sp Member Posts: 9 ■□□□□□□□□□
    @dieg0m No matter what protocol I can use. A dynamic routing protocol is my goal. And please give an example of how tunnels should advertise via a dynamic routing protocol.
  • Hondabuff Member Posts: 667 ■■■□□□□□□□
    Dieg0M wrote: »
    What kind of tunnels?

    @Hondabuff, you can run routing protocols like OSPF on IPSec without GRE.

    You are going to have to enlighten me now. I have only used VTI tunnels or GRE if running a routing protocol. I'm currently managing over 600 branches using just VTI with IPSec Profile. Or are you referring to the same concept? I set my tunnels to IP unnumbered and tunnel mode to IPSec IPV4 to allow OSPF.
  • amir_sp Member Posts: 9 ■□□□□□□□□□
    Do you mean GRE tunnel mode?
    Currently I'm using IPIP mode.
    Please give me information about your branches. I would like to know more.
  • Dieg0M Member Posts: 861
    I will give you a hint. What do the network types non-broadcast (IOS) and point-to-multipoint non-broadcast (IOS) as well as point-to-point non-broadcast (ASA) have in common?
  • AwesomeGarrett Member Posts: 257
    I'm picking up what you're putting down.

    EDIT: Finished a quick lab for this, works as expected. Thanks for the tip!
  • theodoxa Member Posts: 1,340 ■■■■□□□□□□
    You would need to use GRE over IPSec as [others have stated] IPSec doesn't support Multicast. With a large number of branch sites, there is another option known as DMVPN (Dynamic Multipoint VPN). Basically, it allows sites to dynamically establish GRE over IPsec tunnels to one another (if branch to branch connectivity is desired). Alternatively, you could use a different routing protocol. I don't see any reason BGP wouldn't work over IPSec as it uses TCP and Neighbors are statically configured.

    [EDIT] GRE over IPSec simply means that you place your EIGRP traffic in a GRE Tunnel and then encapsulate the GRE tunnel with IPSec. IPSec provides Confidentiality, Integrity, and Authentication which are not provided by GRE. You would direct the traffic over the GRE tunnel and then in your crypto map specify that GRE traffic between sites should be encrypted.

    http://www.cisco.com/go/dmvpn
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
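
The GRE over IPSec setup theodoxa describes above, as an added example that is not part of the original thread: hub-side Cisco IOS configuration for one branch tunnel, with EIGRP running over the GRE interface and a crypto map that encrypts only the GRE traffic between the two endpoints. The interface names, addresses (documentation ranges), AS number 100, object names and the pre-shared key placeholder are all assumptions.

```cisco
! Hub side of one hub-to-branch tunnel (added example).
! Constructed values: hub public 203.0.113.1, branch public 198.51.100.2,
! tunnel subnet 10.255.1.0/30, hub LAN 10.10.0.0/16, EIGRP AS 100.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_PSK address 198.51.100.2
!
! Transport mode: GRE already supplies the outer IP header, so a second
! tunnel-mode header would only add overhead.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! Encrypt only GRE (IP protocol 47) between the two tunnel endpoints.
ip access-list extended GRE-HUB-BR1
 permit gre host 203.0.113.1 host 198.51.100.2
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set GRE-TS
 match address GRE-HUB-BR1
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map VPN-MAP
!
interface Tunnel1
 ip address 10.255.1.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode gre ip
!
! EIGRP hellos are multicast; they ride inside GRE and are encrypted with it.
! Passive by default so adjacencies form only over the tunnel.
router eigrp 100
 passive-interface default
 no passive-interface Tunnel1
 network 10.255.1.0 0.0.0.3
 network 10.10.0.0 0.0.255.255
```

The branch mirrors this with the peer and ACL addresses swapped; `show ip eigrp neighbors` and `show crypto ipsec sa` confirm that the adjacency is up and that packets are actually being encrypted.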
  • d4nz1g Member Posts: 464
    Dieg0M wrote: »
    I will give you a hint. What do the network types non-broadcast (IOS) and point-to-multipoint non-broadcast (IOS) as well as point-to-point non-broadcast (ASA) have in common?


    This works, but won't scale that much.
    Imagine yourself configuring n+1 neighbors on each router for a huge company (considering it is a full mesh, ofc).
  • Dieg0M Member Posts: 861
    Indeed, this won't scale but some devices do not support GRE and only IPSEC (like ASA's).
  • d4nz1g Member Posts: 464
    Dieg0M wrote: »
    Indeed, this won't scale but some devices do not support GRE and only IPSEC (like ASA's).


    10/10, nailed it :)