A general workaround would be a p-p GRE tunnel over the ASA (KS to any router on the other side of the ASA), and enable multicast routing on the p-p tunnel and the path up to the GMs.

Regards
On Tue, Mar 9, 2010 at 2:03 PM, Michael Davis <[email protected]> wrote:

> Hi – Yes it took a while. It has stopped working. When I issued the
> “clear crypto isakmp” command it stopped working. So now I can try to work
> out how to get the multicast through the ASA.
>
> *From:* Badar Farooq [mailto:[email protected]]
> *Sent:* Tuesday, March 09, 2010 9:56 PM
> *To:* Michael Davis
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] GETVPN and multicast through ASA
>
> Well, the registration would work fine. Reduce the rekey retransmit time
> to minimum and run debugs on the GMs to see if you are receiving rekeys once
> they are retransmitted. (Alternatively, you can change the ACL to force a
> rekey.) But remember, clearing GDOI on GMs or any change on GMs will cause
> re-registration which will work fine. (It's unicast and in the opposite
> direction.)
>
> With ASA in between multicast rekey should NOT work. But let's first make
> sure it's not working and then we can implement the workarounds later.
>
> On Tue, Mar 9, 2010 at 1:49 PM, Michael Davis <[email protected]> wrote:
>
> Hi Everyone – I configured a GETVPN using 3 1760s running 12.4(15)T. I
> put an ASA 5510 between the KS and the 2 GMs. I set the keying as unicast
> which worked fine. I changed the keying to multicast and it is still
> working?? Shouldn’t I have to do something on the ASA to pass multicast
> traffic for GETVPN? I vaguely remember Tyson doing this in the bootcamp to
> make it work so I am a bit confused.
>
> Can anyone please clarify what we need to do if a GETVPN using multicast
> keys traverses an ASA or another router?
>
> Thanks
>
> Michael
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
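A configuration sketch of the GRE workaround suggested at the top of this thread, added here as an illustration and not taken from any poster's lab. All interface names, addresses, the ACL name and the choice of PIM dense mode are constructed assumptions; it also assumes the ASA does no NAT between the tunnel endpoints.

```cisco
! --- KS (inside the ASA), constructed address 192.0.2.1 ---
ip multicast-routing
interface Tunnel0
 description p-p GRE to the router on the far side of the ASA
 ip address 10.255.0.1 255.255.255.252
 ip pim dense-mode
 tunnel source FastEthernet0/0
 tunnel destination 198.51.100.2
!
! --- Router on the other side of the ASA, constructed address 198.51.100.2 ---
ip multicast-routing
interface Tunnel0
 description p-p GRE back to the KS
 ip address 10.255.0.2 255.255.255.252
 ip pim dense-mode
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.1
!
interface FastEthernet0/1
 description toward the GMs; repeat PIM on every hop up to the GMs
 ip pim dense-mode
!
! Unicast routing to the KS still points at the ASA, so the RPF check for
! rekeys arriving on Tunnel0 would fail without a static mroute.
ip mroute 192.0.2.1 255.255.255.255 Tunnel0
!
! --- ASA: the firewall only has to pass the unicast GRE envelope ---
access-list OUTSIDE_IN extended permit gre host 198.51.100.2 host 192.0.2.1
access-group OUTSIDE_IN in interface outside
! GM registration (unicast UDP 848 toward the KS) must stay permitted as before.
```

The tunnel endpoints must stay reachable over the physical path through the ASA and not through Tunnel0 itself, otherwise the tunnel goes down with recursive routing.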
