Ohh Another question, it did said something about to not encrypt the multicast rekey and they created an ACL on the spkes and applied a Match address. Would it make any difference if I applied the denies for the multicast address on the same IPsec rule as the one that is pushed from the KS?
Mike From: mike_c...@hotmail.com To: ccie_security@onlinestudylist.com Subject: DMVPN over GETVPN with multicast rekey/Different server than the Hub. Date: Wed, 9 May 2012 14:02:18 -0600 Hi, I was doing lab 17 IPexpert. I did the configuration accordingly and I tried to apply the crypto map for GETVPN on the same interface as the tunnel interface on the spokes. Now, checking the solution, I dont see where they applied the crypto map for the GETVPN. Another thing that happened is that my GRE tunnel didnt come up that easy, I had to delete the tunnel like 4 times and even use another IP scheme. When I applied the capture on the ASA firewall I was able to see the GRE traffic with no issues. I am just scared that this latency would happen on the lab. I stopped there and that took me like 1 and a half of troubleshooting (plus I missed some commands for multicast traffic to work correctly) I just wanted to check if anyone had a similar issue while configuring this lab. Mike.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com