Re: IPsec VPN question

From: Piotr Matusiak <pitt2k_at_gmail.com>
Date: Sun, 31 Oct 2010 10:22:18 +0100

or SVTI which is more useful for site to site tunnels :)

--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
If you can't explain it simply, you don't understand it well enough -
Albert Einstein

2010/10/31 Piotr Matusiak <pitt2k_at_gmail.com>
> Hi,
>
> IPSec does not support multicast traffic, so you cannot encrypt EIGRP
> natively.
> To solve that issue you must use a GRE tunnel between two routers, enable
> EIGRP on it and then specify GRE traffic in the Crypto ACL (or use the tunnel
> protection command on the tunnel).
> Another solution would be to use DVTI (Dynamic Virtual Interface), which is
> an interface tunnel with IPSec encapsulation.
>
> HTH,
>
>
> 2010/10/31 Naufal Jamal <naufalccie_at_yahoo.in>
>
>> Hi,
>> I am trying to make ipsec over eigrp. I am receiving the following error
>> message. Can anyone tell me the possible cause for this please? Eigrp works
>> fine otherwise.
>>
>> *Mar  1 00:21:27.563: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
>>         (ip) dest_addr= 224.0.0.10, src_addr= 1.1.1.2, prot= 88
>>
>> Config:
>>
>> crypto isakmp policy 1
>>  hash md5
>>  authentication pre-share
>>  group 2
>>  lifetime 500
>> crypto isakmp key cisco address 1.1.1.2
>> crypto ipsec transform-set TEST esp-aes
>> !
>> crypto map VPN 10 ipsec-isakmp
>>  set peer 1.1.1.2
>>  set transform-set TEST
>>  match address 101
>> interface FastEthernet0/0
>>  ip address 1.1.1.1 255.255.255.0
>>  duplex auto
>>  speed auto
>>  crypto map VPN
>> router eigrp 20
>>  network 1.1.1.1 0.0.0.0
>>  no auto-summary
>> access-list 101 permit ip any any
>>
>> R2:
>>
>> crypto isakmp policy 1
>>  hash md5
>>  authentication pre-share
>>  group 2
>>  lifetime 500
>> crypto isakmp key cisco address 1.1.1.1
>> crypto ipsec transform-set TEST esp-aes
>> !
>> crypto map VPN 10 ipsec-isakmp
>>  set peer 1.1.1.1
>>  set transform-set TEST
>>  match address 101
>> interface FastEthernet0/0
>>  ip address 1.1.1.2 255.255.255.0
>>  duplex auto
>>  speed auto
>>  crypto map VPN
>> !
>> router eigrp 20
>>  network 1.1.1.2 0.0.0.0
>>  no auto-summary
>> access-list 101 permit ip any any
>>
>> Thank you,
>> Naufal Jamal
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Sun Oct 31 2010 - 10:22:18 ART
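
The GRE-plus-crypto-ACL fix described in the reply, applied to the posted R1 configuration; this is an added example, not part of the original thread. Tunnel0, the 10.0.0.0/30 tunnel addressing and moving the EIGRP network statement onto the tunnel are assumptions; the ISAKMP policy, key and transform set are kept exactly as posted.

```cisco
! R1 (R2 mirrors this with 1.1.1.1/1.1.1.2 and 10.0.0.1/10.0.0.2 swapped)
! ISAKMP policy, pre-shared key and transform set: unchanged from the post.
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 500
crypto isakmp key cisco address 1.1.1.2
crypto ipsec transform-set TEST esp-aes
!
! Before: "access-list 101 permit ip any any" also matched EIGRP hellos
! (protocol 88 to 224.0.0.10), which arrive unencrypted and trigger
! %CRYPTO-4-RECVD_PKT_NOT_IPSEC.
! After: the crypto ACL matches only the unicast GRE flow between the peers.
no access-list 101
access-list 101 permit gre host 1.1.1.1 host 1.1.1.2
!
crypto map VPN 10 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set TEST
 match address 101
!
! GRE tunnel (assumed name and addressing): EIGRP multicast is carried
! inside unicast GRE (IP protocol 47), which the crypto map can encrypt.
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 1.1.1.2
!
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN
!
! Assumption: run EIGRP over the tunnel only, so no hellos are sent in
! clear text on the physical link.
router eigrp 20
 no network 1.1.1.1 0.0.0.0
 network 10.0.0.1 0.0.0.0
 no auto-summary
```

After applying both sides, `show crypto ipsec sa` should show the encaps/decaps counters rising for the GRE flow, and `show ip eigrp neighbors` should list the peer on Tunnel0.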

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:06 ART