Ohh Another question, it did said something about to not encrypt the multicast
rekey and they created an ACL on the spkes and applied a Match address. Would
it make any difference if I applied the denies for the multicast address on the
same IPsec rule as the one that is pushed from the KS?
Mike
From: mike_c...@hotmail.com
To: ccie_security@onlinestudylist.com
Subject: DMVPN over GETVPN with multicast rekey/Different server than the Hub.
Date: Wed, 9 May 2012 14:02:18 -0600
Hi,
I was doing lab 17 IPexpert. I did the configuration accordingly and I tried to
apply the crypto map for GETVPN on the same interface as the tunnel interface
on the spokes. Now, checking the solution, I dont see where they applied the
crypto map for the GETVPN.
Another thing that happened is that my GRE tunnel didnt come up that easy, I
had to delete the tunnel like 4 times and even use another IP scheme. When I
applied the capture on the ASA firewall I was able to see the GRE traffic with
no issues.
I am just scared that this latency would happen on the lab. I stopped there and
that took me like 1 and a half of troubleshooting (plus I missed some commands
for multicast traffic to work correctly) I just wanted to check if anyone had a
similar issue while configuring this lab.
Mike.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
