Well, the registration would work fine. Reduce the rekey retransmit time to
minimum and run debugs on the GMs to see if you are receiving rekeys once
they are retransmitted. (Alternatively, you can change the ACL to force a
rekey.) But remember, clearing GDOI on GMs or any change on GMs will cause
re-registration, which will work fine. (It's unicast and in the opposite
direction.)

With ASA in between, multicast rekey should NOT work. But let's first make
sure it's not working and then we can implement the workarounds later.


On Tue, Mar 9, 2010 at 1:49 PM, Michael Davis
<[email protected]> wrote:

> Hi Everyone – I configured a GETVPN using 3 1760s running 12.4(15)T. I
> put an ASA 5510 between the KS and the 2 GMs. I set the keying as unicast,
> which worked fine. I changed the keying to multicast and it is still
> working?? Shouldn’t I have to do something on the ASA to pass multicast
> traffic for GETVPN? I vaguely remember Tyson doing this in the bootcamp to
> make it work, so I am a bit confused.
>
> Can anyone please clarify what we need to do if a GETVPN using multicast
> keys traverses an ASA or another router?
>
> Thanks
>
> Michael
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>