I will share the topology here,
----------R1(10.0.0.1)(Fasteth0/0)---------------------------------(Fasteth0/0)(10.0.0.2)R2----------
R1 and R2 are connected back to back over Fas0/0.
Routers are 1841 running 12.4 adv security. I configured the following on R1 and a replica on R2 (which I won't show since it will be just a repetition)
R1
crypto isakmp key 0 cisco address 10.0.0.2
crypto isakmp policy 1
 auth pre-share
 encry des
 hash md5
 group 2
access-list 111 permit ip any any
crypto ipsec transform-set R1toR2 esp-des esp-md5-hmac
crypto map R1toR2 10 ipsec-isakmp
 match address 111
 set peer 10.0.0.2
 set transform-set R1toR2
interface Fastethernet 0/0
 ip address 10.0.0.1 255.255.255.0
 crypto map R1toR2
router eigrp 1
 no auto
 network 10.0.0.0 0.0.0.255
Now EIGRP successfully forms the neighborship, and I can see the packets being encrypted/decrypted while there is no other communication than EIGRP. This is surprising for me since I remembered for sure that protocols didn't work over IPsec since IPsec has issues with multicast packets.
________________________________
From: Jay McMickle <jay.mcmickle_at_yahoo.com>
To: Ovais Iqbal <ovais.iqball_at_yahoo.com>
Sent: Sunday, December 9, 2012 6:55 PM
Subject: Re: site to site vpn and routing protocol
You'll have to see how that's happening. Most likely the peering is going a different direction than you think (not over the tunnel). Type "show IP EIGRP neigh or OSPF neigh" and see what IP address and what route it's taking to get there.
Regards,
Jay McMickle- CCIE #35355 (RS)
Sent from my iPhone 5
On Dec 9, 2012, at 7:52 AM, Ovais Iqbal <ovais.iqball_at_yahoo.com> wrote:
No, there are no tunnel interfaces, that's why I am surprised that eigrp/ospf are able to run over ipsec?
>
>________________________________
> From: Jay McMickle <jay.mcmickle_at_yahoo.com>
>To: Ovais Iqbal <ovais.iqball_at_yahoo.com>
>Cc: "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
>Sent: Sunday, December 9, 2012 6:01 PM
>Subject: Re: site to site vpn and routing protocol
>
>All you need is a L3 interface on each end for the adjacencies. That's why GRE over IPSEC enables dynamic protocols.
>
>If you are peering over IPSEC, what L3 interfaces is it using? Is it going over the tunnel for the peering?
>
>Regards,
>Jay McMickle- CCIE #35355 (RS)
>Sent from my iPhone 5
>
>On Dec 9, 2012, at 3:35 AM, Ovais Iqbal <ovais.iqball_at_yahoo.com> wrote:
>
>> Hi all,
>>
>> I was under the impression that if I have 2 routers connected back to back and I run ipsec over it, routing protocols won't work. That was the main reason we use GRE. But now when I reconfigured it on GNS3 and on real routers (1841), I saw that neighbor adjacencies are working fine for all protocols. So it's a bit surprising for me
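Added example, not part of the original thread: a small Python check of which packets ACL 111 from the posted configuration selects for the crypto map, next to a constructed LAN-to-LAN ACL for comparison. It models only first-match ACL semantics with wildcard masks (no port operators); ACL 112, its subnets and the sample packets are made up, and it does not model how IOS itself treats multicast under a crypto map.

```python
import ipaddress

# IP protocol numbers for ACL keywords ("ip" matches every protocol).
PROTO = {"ip": None, "tcp": 6, "udp": 17, "esp": 50, "eigrp": 88, "ospf": 89}

def _addr(tokens):
    """Consume one address spec from tokens; return (network, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        tokens.pop(0)
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    net = int(ipaddress.IPv4Address(tokens.pop(0)))
    return net, int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST'."""
    t = line.split()
    rest = t[4:]
    return t[2], PROTO[t[3]], _addr(rest), _addr(rest)

def _hit(addr, spec):
    # Wildcard bits set to 1 are "don't care", so force them on both sides.
    net, wild = spec
    return (int(ipaddress.IPv4Address(addr)) | wild) == (net | wild)

def selected(acl_lines, proto, src, dst):
    """True if the first matching entry is a permit; implicit deny otherwise."""
    for action, p, s, d in map(parse_ace, acl_lines):
        if p in (None, proto) and _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False

ACL_111 = ["access-list 111 permit ip any any"]  # from the posted config
# Constructed comparison ACL (hypothetical subnets behind R1 and R2).
ACL_112 = ["access-list 112 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"]

# Constructed packets leaving R1 Fa0/0: (label, IP protocol, source, destination)
PACKETS = [
    ("EIGRP hello", 88, "10.0.0.1", "224.0.0.10"),
    ("OSPF hello", 89, "10.0.0.1", "224.0.0.5"),
    ("LAN data", 6, "192.168.1.10", "192.168.2.20"),
]

def report(acl):
    return {label: selected(acl, p, s, d) for label, p, s, d in PACKETS}

if __name__ == "__main__":
    print("ACL 111:", report(ACL_111))
    print("ACL 112:", report(ACL_112))
```

With `permit ip any any` the routing-protocol hellos on the link fall inside the crypto selector; with the narrower constructed ACL only the LAN-to-LAN packet does.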
Received on Sun Dec 09 2012 - 06:10:58 ART
This archive was generated by hypermail 2.2.0 : Tue Jan 01 2013 - 09:36:53 ART