BGP vs EIGRP adjacency on GRE + IPSEC tunnel
-
Hi!
Doing a practice lab about GRE implementation with BGP and EIGRP running simultaneously, I noticed that the BGP session didn't lose its peer; meanwhile, the EIGRP went down:
EIGRP -> 0 172.16.16.2 Tu0 12 00:01:11 2 1470 0 6
BGP -> 172.16.16.2 4 65000 22 22 8 0 0 00:13:11 2
The logs on the router are these:
*Dec 4 18:04:14.651: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Dec 4 18:04:17.023: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /193.188.16.10, src_addr=193.177.16.10, prot= 47
*Dec 4 18:04:27.623: %DUAL-5-NBRCHANGE: EIGRP-IPv4 800: Neighbor 172.16.16.2 (Tunnel0) is down: holding time expired
*Dec 4 18:05:17.211: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /193.188.16.10, src_addr=193.177.16.10, prot= 47
*Dec 4 18:05:23.075: %DUAL-5-NBRCHANGE: EIGRP-IPv4 800: Neighbor 172.16.16.2 (Tunnel0) is up: new adjacency
Thank you so much in advance for your help!
-
What is the question about this?
-
Hi Ronnie,
Sorry, my question is: why did EIGRP go down, while BGP did not?
Thanks for your time!
-
So I think you better start over and progress one step at a time. Does your lab function perfectly before the addition of IPsec?
Because it sure appears there is a problem with your configuration related to IPsec. Notice the errors:
*Dec 4 18:05:17.211: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /193.188.16.10, src_addr=193.177.16.10, prot= 47
This indicates that packets are matching your access list to be IPsec protected, but they are arriving at the device WITHOUT the required encryption.
So it sure looks like your devices have been required to encrypt the EIGRP, but your configuration is broken and is not doing so.
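-
Added example, not part of any post in this thread: a small Python check that reads the router log lines quoted above, extracts each %CRYPTO-4-RECVD_PKT_NOT_IPSEC drop (protocol 47 is GRE) and lists the drops seen shortly before an EIGRP neighbor-down event. The 60-second window, the placeholder year and all function names are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the thread; wrapped lines rejoined.
SAMPLE_LOG = """\
*Dec 4 18:04:14.651: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Dec 4 18:04:17.023: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /193.188.16.10, src_addr=193.177.16.10, prot= 47
*Dec 4 18:04:27.623: %DUAL-5-NBRCHANGE: EIGRP-IPv4 800: Neighbor 172.16.16.2 (Tunnel0) is down: holding time expired
*Dec 4 18:05:17.211: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /193.188.16.10, src_addr=193.177.16.10, prot= 47
*Dec 4 18:05:23.075: %DUAL-5-NBRCHANGE: EIGRP-IPv4 800: Neighbor 172.16.16.2 (Tunnel0) is up: new adjacency
"""

LINE = re.compile(r"^\*?(\w{3}\s+\d+\s+[\d:.]+): %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")
CLEAR = re.compile(r"dest_addr=\s*(\S*)/([\d.]+),\s*src_addr=\s*([\d.]+),\s*prot=\s*(\d+)")
NBR = re.compile(r"Neighbor ([\d.]+) \((\S+)\) is (up|down)")

def parse(log):
    """Yield (timestamp, mnemonic, message) for each IOS syslog line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # The log carries no year; 2000 is a placeholder used only for ordering.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
            yield ts, m.group(2), m.group(3)

def correlate(log, window=timedelta(seconds=60)):
    """Return all cleartext drops, plus neighbor-down events with the drops preceding them."""
    drops, findings = [], []
    for ts, mnemonic, msg in parse(log):
        if mnemonic == "CRYPTO-4-RECVD_PKT_NOT_IPSEC":
            m = CLEAR.search(msg)
            if m:
                drops.append({"ts": ts, "dst": m.group(2), "src": m.group(3),
                              "proto": int(m.group(4))})
        elif mnemonic == "DUAL-5-NBRCHANGE":
            m = NBR.search(msg)
            if m and m.group(3) == "down":
                near = [d for d in drops if timedelta(0) <= ts - d["ts"] <= window]
                findings.append({"neighbor": m.group(1), "interface": m.group(2),
                                 "cleartext_drops": near})
    return drops, findings

if __name__ == "__main__":
    all_drops, downs = correlate(SAMPLE_LOG)
    for f in downs:
        print(f["neighbor"], f["interface"], "down after",
              len(f["cleartext_drops"]), "unencrypted packet(s) were dropped")
```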