EIGRP or OSPF over WAN

I am new to cisco and testing some stuff out. I am trying to use the routing protocols EIGRP and OSPF so that 2 routers on different subnets see each other. I have 2 internet connections and each has a firewall and Cisco Router and 1 computer. I have made each LAN have a different subnet. LAN A - 172.16.116.0/22 and LAN B 172.16.120.0/22 and they each have a externa lP address. I have setup an IPsec tunel between the firewalls and these two networks are connected but the routers do not see each other. From LAN A I can connect to the firewall and computer from LAN B and vice versa but I cannot connect to the router on LAN B from LAN A and vice versa. I know that each router is sending out the hello packets for each protocol but it is not reaching the other LAN.

Here is the config of the routers

Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname H-router ! aaa new-model aaa authentication login default local aaa authentication ppp default local enable secret 5 ! username damte password 7 ! ! ! ! ip subnet-zero ! ! ! interface Ethernet0 no ip address no ip directed-broadcast shutdown ! interface Ethernet1 ip address 172.16.120.21 255.255.252.0 *** Other router has

172.16.116.21 255.255.252.0 *** no ip directed-broadcast ! interface Serial0 no ip address no ip directed-broadcast shutdown ! router eigrp 123 network 172.16.0.0 ! router ospf 1 network 172.16.0.0 0.0.255.255 area 0 ! router rip network 172.16.0.0 ! ! router igrp 123 network 172.16.0.0 ! ip classless no ip http server ! ! line con 0 logging synchronous transport input none line vty 0 4 ! end

The only difference in the two routers is noted in *** ***

any help is much appretiated

Reply to
arell12
Loading thread data ...

The Hello packets are 'multicast' and wouldn't normally get forwarded by the firewalls. You'll have to specifically configure them to do this or have them run the same routing potocols as the routers ... OSPF should at least be an option but I doubt EIGRP will be. Do the routers need to be running two IRG's or are you just playing around?

BernieM

Reply to
BernieM

Search the Cisco site for [IPSEC GRE].

What kind are the Firewalls and do you control them?

If your router's outside address is not natted by the firewalls this will be OK. If they are nated it may be OK I don't know.

formatting link
Just miss out the "inspect" and NAT and you will be OK I think.

Reply to
anybody43

formatting link

I will try each of what you have suggested. This is a test that I am doing so thats why they are running multiple Protocols. The firewalls are controlled by me and they are m0n0walls. Question: Would this be a typical setup between a head office and a branch office? I understadn that routers route traffic between networks, but I dont understand why you would need a router in this situation.

Thanks

Reply to
arell12

Sounds like everything is working as designed. Interior gateway protocols like EIGRP and OSPF require peers to be "adjacent" (on the same physical network). You can either create adjacency by using a GRE tunnel or use a routing protocol which does not require adjacency such as BGP. See the white paper on redundant IPsec tunnels on my web site for a discussion of the issues, then head over to

formatting link
to figure out what you really want to do.

Good luck and have fun!

Reply to
Vincent C Jones

Vincent's papers are very nice. Given your recent comments "Would this be a typical setup between a head office and a branch office? " it seems that you may be able to considerably simplify your network.

Your M0n0wall firewalls are most likely routers and additional routers may well not be needed. Additionally for a simple branch office you may well be able to use static routes. If you have an alternative (backup) path then a dynamic routing protocol can make sense but that are various techniques available that make that unnecessary in many cases.

You have a bit of learning to do to make this decision yourself. If you are in a hurry you maybe need to get someone to look at it for you.

If you have no backup path use static routes.

Reply to
anybody43

formatting link
>

best to use eBGP for going through firewalls and hoping across to subnets when interfaces of each end routers are on different subnets.

Reply to
MC

I am in the learning process and this is not needed immediately. This is just some tests that I am running to help me better understand the basics. BGP is something that I know nothing about, and from what I understand it is not a small subject. I will continue to play and learn as this is all new to me. Would these interior gateway protocols be used mainly large (500+ ) LAN's?

Reply to
arell12

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.