Ripv2 between pfsense and cisco
-
Has someone experience with cisco?
I have a pfsense 2.0.1 (amd64) directly connected to a cisco 2691 via the LAN interface.
On the pfsense I've enabled RIPv2 on LAN with password "password".The Lan interface is 172.16.0.254
The cisco is connected with fa0/0.the cisco config is the following:
–---------------------------------------
R1#sh run
Building configuration...Current configuration : 805 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip domain lookup
!
!
key chain cisco
key 1
key-string password
!
!
interface FastEthernet0/0
ip address 172.16.0.5 255.255.0.0
ip rip authentication key-chain chain cisco
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.18.0.1 255.255.0.0
duplex auto
speed auto
!
!
router rip
version 2
network 172.16.0.0
network 172.18.0.0
!
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
endR1#
debugging speaks about invalid packets but the password is OK
R1#debug ip rip
RIP protocol debugging is on
R1#
*Mar 1 10:16:54.617: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (172.18.0.1)
*Mar 1 10:16:54.617: RIP: build update entries
*Mar 1 10:16:54.617: 172.16.0.0/16 via 0.0.0.0, metric 1, tag 0
R1#
*Mar 1 10:17:12.441: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (172.16.0.5)
*Mar 1 10:17:12.441: RIP: build update entries
*Mar 1 10:17:12.441: 172.18.0.0/16 via 0.0.0.0, metric 1, tag 0
R1#
*Mar 1 10:17:19.641: RIP: received packet with text authentication password <-------------------OK
*Mar 1 10:17:19.641: RIP: ignored v2 packet from 172.16.0.254 (invalid authentication) <----------------!!!!!!!!!I receive no routes of WAN and DMZ on the cisco.
Has someone any idea why there is invalid authentication? -
Alain has helped me.
The cause is a misconfiguration in cisco.
The line "ip rip authentication key-chain chain cisco" must be "ip rip authentication key-chain cisco"Louis14