Hi Kings and Tacack, thanks for your replies!
I've just tried the config changes suggested but still the same behaviour,
the rekey is only sent out the loopback interface. I even tried reloading
the routers after the config change just for good measure, but still the
same behaviour. I think I've burned so much time on this now it might be
time to call it a bug and move on since my routers won't run IOS later than
12.4(15)T. Perhaps this is one of those cases where I should just trust the
solution guide is right :) It's frustrating though, I'd rather be 100% sure
the problem is IOS and not me.

R2#show run | sec crypto gdoi
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
crypto isakmp key ipexpert address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TSET1 esp-aes 256 esp-sha-hmac
crypto ipsec profile ISAPROF1
set transform-set TSET1
crypto gdoi group GETVPN1
identity address ipv4 2.2.2.2
server local
rekey algorithm aes 192
rekey address ipv4 121
rekey lifetime seconds 600
rekey retransmit 10 number 2
rekey authentication mypubkey rsa R2.ipexpert.com
sa ipsec 1
profile ISAPROF1
match address ipv4 122
replay counter window-size 64
address ipv4 2.2.2.2
R2#
R2#show ip access-l 101
Extended IP access list 101
10 permit ip any host 239.0.1.2 (11 matches)
R2#debug ip packet 101
IP packet debugging is on for access list 101
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#crypto gdoi group GETVPN1
R2(config-gdoi-group)# server local
R2(gdoi-local-server)#no address ipv4 2.2.2.2
R2(config)#ip access-l ex 122
R2(config-ext-nacl)#no 30
R2(config-ext-nacl)#^Z
R2#
*Mar 1 00:07:40.922: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:07:41.034: IP: s=2.2.2.2 (local), d=239.0.1.2 (Loopback0), len 1080, sending broad/multicast
*Mar 1 00:07:41.038: %GDOI-5-KS_SEND_MCAST_REKEY: Sending Multicast Rekey for group GETVPN1 from address 2.2.2.2 to 239.0.1.2 with seq # 1
R2#
*Mar 1 00:07:41.050: IP: s=2.2.2.2 (Loopback0), d=239.0.1.2, len 1080, unroutable
R2#
*Mar 1 00:07:51.154: IP: s=2.2.2.2 (local), d=239.0.1.2 (Loopback0), len 1080, sending broad/multicast
*Mar 1 00:07:51.162: %GDOI-5-KS_SEND_MCAST_REKEY: Sending Multicast Rekey for group GETVPN1 from address 2.2.2.2 to 239.0.1.2 with seq # 2
R2#
R2#
*Mar 1 00:07:51.170: IP: s=2.2.2.2 (Loopback0), d=239.0.1.2, len 1080, unroutable
R2#