Re: Site-to-Site VPN tunnel

From: Piotr Matusiak <piotr_at_ccie1.com>
Date: Mon, 12 Oct 2009 21:49:28 +0200

Hi,

First, IPSec does not carry broadcast and multicast, so you typically need a
GRE tunnel to encapsulate such traffic and then protect the GRE tunnel with
IPSec.

Second, do not use ANY for "interesting" traffic, as this ACL will "tell" the
router to expect that all traffic coming in and going out must be
encrypted. This includes dynamic routing protocols, ICMP, traceroute, etc.

HTH,

--
Piotr Matusiak
CCIE #19860 (R&S, SEC)
Technical Instructor
MicronicsTraining.com
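An added example of the two points above (GRE inside IPSec, and a crypto ACL that matches only the GRE traffic), written for this reply and not taken from the thread. Addresses, the pre-shared key placeholder and the AES transform are assumptions; the names DEMO, MAP and TRAFFIC are kept from the original config. Only R1 is shown; R2 mirrors it with the addresses swapped.

```cisco
! R1 -- example config (assumed addressing):
!   f0/0 10.0.0.1/30 faces R2 (10.0.0.2)
!   Tunnel0 172.16.0.0/30, LAN behind R1 192.168.1.0/24
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 10.0.0.2
!
crypto ipsec transform-set DEMO esp-aes esp-sha-hmac
 mode transport
!
! Crypto ACL: only the GRE packets between the two peers are "interesting".
! Unlike "permit ip any any", IKE, ICMP and traceroute on the physical link
! are left alone; EIGRP hellos travel inside the tunnel and are encrypted
! as part of the GRE packet.
ip access-list extended TRAFFIC
 permit gre host 10.0.0.1 host 10.0.0.2
!
crypto map MAP 10 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set DEMO
 match address TRAFFIC
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 crypto map MAP
!
! GRE carries the EIGRP multicast (224.0.0.10) that plain IPSec cannot.
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 10.0.0.2
!
router eigrp 10
 no auto-summary
 network 172.16.0.0 0.0.0.3
 network 192.168.1.0 0.0.0.255
```

To check it, "show ip eigrp neighbors" should list the peer on Tunnel0, and the encaps/decaps counters in "show crypto ipsec sa" should climb as the hellos flow.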
2009/10/12 Naufal Jamal <naufalccie_at_yahoo.in>
> Hi,
> I have two routers directly connected. I am configuring a site-to-site tunnel
> between them.
> My config on both routers is:
>
> crypto isakmp policy 10
>  encryption des
>  authentication pre-share
>  group 2
> !
> crypto ipsec transform-set DEMO esp-3des
> !
> crypto map MAP 10 ipsec-isakmp
>  set peer <remote ip>
>  set transform-set DEMO
>  match address TRAFFIC
> !
> interface FastEthernet0/0
>  crypto map MAP
> !
> ! crypto ACL referenced by "match address TRAFFIC"
> ip access-list extended TRAFFIC
>  permit ip any any
> !
> router eigrp 10
>  no auto-summary
>  network 1.1.1.1 0.0.0.0
>
> 1) The tunnel is showing to be up in "QM-IDLE" state, but when I am trying
> to run EIGRP between them it's not passing the updates, nor does the
> neighborship come up.
> Any idea what could be the problem?
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Mon Oct 12 2009 - 21:49:28 ART

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART