Announcement

Collapse
No announcement yet.

Using EIGRP with point to point

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using EIGRP with point to point

    Ok, this is what i have, i have 2 sites that once had a ipsec tunnel between them. They now have a p2p fiber connection. Remote side has a 871 and the main site a 2821 with a HWIC-4esw. I've created vlan on each side and gave one an ip of 10.1.20.1 and the other .2. I am attempting to use EIGRP. I can ping back and forth on those interfaces, but once I remove all the DSL information and remove the default route of the ISP i can't get internet, i can still ping the other side, but its not getting internet out. Also the default route isn't being advertised nor is the network with eigrp. If i statically assign the default route at the remote side 0.0.0.0 0.0.0.0 10.1.20.1 i still don't get. I am attaching configs with the ipsec tunnel info still on, can someone tell me what i'm missing? Or if there is an easier way i'm all ears. Do i need an acl on each side for return traffic?
    Attached Files

  • #2
    Re: Using EIGRP with point to point

    Try removing this from Main:

    Code:
    deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
    And this from FD:

    Code:
    deny   ip 10.1.5.0 0.0.0.255 10.1.0.0 0.0.255.255
    CCNA, Network+

    Comment


    • #3
      Re: Using EIGRP with point to point

      In regards to the Eigrp process on the Main router your Eigrp AS is 100 and the remote is AS 1. These must match for an adjacency to form. Change that and verify using

      sh ip eigrp neighbors

      This would be why your summary isnt working.

      Checking your nat on the main router looks like your acl

      ip access-list extended inet-traffic
      remark inet traffic
      deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
      deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
      deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
      permit ip 10.1.1.0 0.0.0.255 any

      Is your internet traffic going through the main site now? if so this only permits 10.1.1.0 and not 10.1.20.0 coming from the remote site.

      Also on the main site you have this:

      ip nat inside source route-map NAT pool PAT overload

      There is no interface specifed to overload on.

      It would help to clean up the config and take out anything thats not applicable now but the first thing is to fix the eigrp config and verify you have an active neighbor on the remote side.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)

      Comment


      • #4
        Re: Using EIGRP with point to point

        yeah i caught the AS difference and made the change, i changed the ACL's also, i am attaching updated.. The eigrp is up and i can see both neighbor etc, i can ping anything on the main side from remote, just no inet yet.
        Attached Files

        Comment


        • #5
          Re: Using EIGRP with point to point

          Okay are you going through the main site for internet now?
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)

          Comment


          • #6
            Re: Using EIGRP with point to point

            no currently there is a DSL connection there and they connected to the main site via ipsec tunnel, i took all the DSL info out and shut down the BVI that was being used.

            Comment


            • #7
              Re: Using EIGRP with point to point

              Okay if they have there own dsl connection why did you remove the dsl config? Just remove any config related to the vpn. Also post a sh ip route please on the remote router.
              Last edited by auglan; 30th April 2010, 19:31.
              CCNA, CCNA-Security, CCNP
              CCIE Security (In Progress)

              Comment


              • #8
                Re: Using EIGRP with point to point

                because we have a 5x5 fiber connection to the main site..no sense in paying 80.00 a month for a 3.0 x 768. we have filtering and everything set up at main site

                Comment


                • #9
                  Re: Using EIGRP with point to point

                  Yes but you said they are not going through the main site for internet. So if they are not going through the main site for internet that would mean they would need a local internet connection and a config to support it.
                  CCNA, CCNA-Security, CCNP
                  CCIE Security (In Progress)

                  Comment


                  • #10
                    Re: Using EIGRP with point to point

                    you asked if they are going through main site currently, i said no, they have a DSL connection, i am trying to get them to go through the main site for internet, thus my question..lol, everything seems to be working except the internet part. I can ping back and forth just fine on the fiber, but internet is dying at the main router eigrp interface.

                    Comment


                    • #11
                      Re: Using EIGRP with point to point

                      just to clarify, in the past they used the DSL, and we installed fiber and wish to remove the DSL and allow the remote side to obtain internet from the main site.

                      Comment


                      • #12
                        Re: Using EIGRP with point to point

                        Okay so they you want them to go through the main site for internet. Did you check you ACL's and nat config on the main site like I posted?
                        CCNA, CCNA-Security, CCNP
                        CCIE Security (In Progress)

                        Comment


                        • #13
                          Re: Using EIGRP with point to point

                          yes here's what i have now
                          ip access-list extended inet-traffic
                          remark inet traffic
                          deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
                          deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
                          permit ip 10.1.1.0 0.0.0.255 any
                          permit ip 10.1.20.0 0.0.0.255 any
                          permit ip 10.1.5.0 0.0.0.255 any

                          ip access-list extended nonat
                          deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
                          deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
                          permit ip 10.1.1.0 0.0.0.255 any
                          permit ip 10.1.5.0 0.0.0.255 any
                          permit ip 10.1.20.0 0.0.0.255 any

                          Comment


                          • #14
                            Re: Using EIGRP with point to point

                            Try this:

                            interface Vlan50
                            ip address 10.1.20.1 255.255.255.0
                            ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5
                            ip nat inside
                            CCNA, CCNA-Security, CCNP
                            CCIE Security (In Progress)

                            Comment


                            • #15
                              Re: Using EIGRP with point to point

                              bingo that worked, i didn't know you can nat inside on 2 interfaces..i actually learn a few things on this little project. Thanks for the help

                              Comment

                              Working...
                              X