Kingsley,
Here is the answer to your question. Unicast doesn't retransmit because an acknowledgement is received.

If the rekey mechanism is multicast, there is no efficient feedback mechanism by which receivers can indicate that they did not receive a rekey message, so retransmission seeks to bring all receivers up to date. If the rekey mechanism is unicast, the receivers will send an acknowledgment message.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: Kingsley Charles
Sent: Thursday, November 11, 2010 4:28 AM
To: Vybhav Ramachandran
Cc: Tyson Scott; [email protected]
Subject: Re: [OSL | CCIE_Security] Retransmission fo GETVPN unicast rekeys

Tacack, are the retransmissions sent after rekey lifetime or rekey retransmit timeout?

With regards
Kings

On Thu, Nov 11, 2010 at 1:14 PM, Vybhav Ramachandran <[email protected]> wrote:

Hello Kings,

Well, I am observing something different. After I configure rekey retransmit 10 number 6 (#rekey retransmit 10 num 6), and I shut down the GM's interface (connecting to the KS) after it finishes registering, the rekeys are being retransmitted 6 times by the KS. So the total number of rekeys sent is 1 + 6 = 7. I verified this on the KS using #debug crypto gdoi event.

Note: At any time during the 7 rekey transmissions, if the KS comes up in between, it gladly accepts the next rekey and responds with an ACK. But after the 7th attempt, if the KS comes up, it has to re-register (according to the doc-cd) before it can receive any more rekeys.

The IOS version I'm using is 12.4(15)T10 and I'm using GNS3 to test out my topology.

Cheers,
TacACK
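
For reference, a key-server configuration showing where the `rekey retransmit 10 number 6` setting tested above sits alongside unicast rekey transport. This is an added example, not part of any message in the thread; the group name, identity number, RSA key label, IPsec profile, ACL name and the 192.0.2.1 address are placeholders.

```cisco
! Key server (KS) side. All names, the identity number and the address
! below are placeholders chosen for this example.
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  ! Unicast rekey: each group member (GM) acknowledges the rekey message.
  rekey transport unicast
  ! The setting tested in the thread: retransmit every 10 seconds, 6 times.
  ! The thread reports 1 original + 6 retransmissions = 7 rekey messages
  ! to a GM that never acknowledges.
  rekey retransmit 10 number 6
  rekey lifetime seconds 86400
  ! Rekey messages are signed with the KS RSA key pair.
  rekey authentication mypubkey rsa REKEY-RSA
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-ACL
  address ipv4 192.0.2.1
!
! Checks to run on the KS while repeating the test from the thread:
!   show crypto gdoi ks rekey      (rekey transport, retransmit settings, counters)
!   show crypto gdoi ks members    (registered GMs and their rekey/ACK state)
!   debug crypto gdoi event        (the debug used in the thread)
```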
