Hi all, I am practing multicast through the ASA with the KS on the inside and the GM on the outside and I am finding this very spotty. The getvpn mulitcast rekey works perfectly with GRE but when I enable multicast/pim/rp on the ASA it has worked two out of about 10 times. As soon as it works I save my configs and then reload or do a clear cry gd and then issue a rekey and the next time it does not work.
Is this spotty(and that is why there are no examples of this on CCO) or just me?!@ JT On Sat, Oct 1, 2011 at 5:51 PM, Fawad Khan <[email protected]> wrote: > If the ASA(multi context) is just passing the GRE traffic which is > encapsulating Multicast, then its possible. Else, ASA/multi context does not > support any multicast. > > > > FNK > > On Sat, Oct 1, 2011 at 2:42 PM, Derek <[email protected]> wrote: >> >> Diego, >> I did some research...it appears as you said you must do it through GRE. >> This link gives details about the setup but an additional box is setup at >> the HUB. I'm assuming the KS can be the HUB for all the GM's as well. I >> need to lab this up. IMO, seems like its too much multicast for CCIE >> Security :( >> >> https://sites.google.com/site/amitsciscozone/home/ipsec/get-vpn-rekey-using-multicast >> >> On Sat, Oct 1, 2011 at 12:00 PM, >> <[email protected]> wrote: >>> >>> Send CCIE_Security mailing list submissions to >>> [email protected] >>> >>> To subscribe or unsubscribe via the World Wide Web, visit >>> http://onlinestudylist.com/mailman/listinfo/ccie_security >>> or, via email, send a message with subject or body 'help' to >>> [email protected] >>> >>> You can reach the person managing the list at >>> [email protected] >>> >>> When replying, please edit your Subject line so it is more specific >>> than "Re: Contents of CCIE_Security digest..." >>> >>> >>> Today's Topics: >>> >>> 1. Re: Multicasting query (Diego Cambronero) >>> 2. yet another DOC CD question (Fawad Khan) >>> 3. YB lab 2 - Q 5.2 (Dnyaneshwar Gore) >>> >>> >>> ---------------------------------------------------------------------- >>> >>> Message: 1 >>> Date: Fri, 30 Sep 2011 14:19:05 -0600 >>> From: Diego Cambronero <[email protected]> >>> To: Diego Cambronero <[email protected]> >>> Cc: "[email protected]" >>> <[email protected]> >>> Subject: Re: [OSL | CCIE_Security] Multicasting query >>> Message-ID: <[email protected]> >>> Content-Type: text/plain; charset="us-ascii" >>> >>> >>> >>> > Hi all, >>> > >>> > >>> > I would like to get a whole example of multicast getvpn passing through >>> > a multi context ASA. Let say that the KS is in the INSIDE. >>> > >>> > We should configure GRE but how exactly should we configure the >>> > multicast ?? >>> > >>> > Anyone has an example or a link?? >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: >>> </archives/ccie_security/attachments/20110930/a818c42f/attachment-0001.html> >>> >>> ------------------------------ >>> >>> Message: 2 >>> Date: Fri, 30 Sep 2011 21:59:16 -0400 >>> From: Fawad Khan <[email protected]> >>> To: [email protected] >>> Subject: [OSL | CCIE_Security] yet another DOC CD question >>> Message-ID: >>> >>> <caccj_th-0u4p7spu_9b5qo-v5cguhiaq4var1me46pmat7k...@mail.gmail.com> >>> Content-Type: text/plain; charset="iso-8859-1" >>> >>> Hey experts, sepcially those who cleared CCIE SEC recently or those who >>> will >>> be giving exam in the near future. >>> I would be grateful if you guys can provide some information about the >>> DOC >>> CD links available during the exam. >>> >>> Like for IOS 12.4T do we have all the following available in the exam ? A >>> lot of useful informaiton comes out of , *Command Reference Guides*, >>> *Configuration >>> examples and TNotes*, *Configuraiton guide* and *feature guides*. >>> >>> >>> http://www.cisco.com/en/US/products/ps6441/tsd_products_support_series_home.html >>> >>> Reference >>> Guides<http://www.cisco.com/en/US/products/ps6441/tsd_products_support_reference_guides.html> >>> >>> Command >>> References<http://www.cisco.com/en/US/products/ps6441/prod_command_reference_list.html>(52) >>> >>> <http://www.cisco.com/en/US/products/ps6441/prod_command_reference_list.html> >>> >>> Technical >>> References<http://www.cisco.com/en/US/products/ps6441/prod_technical_reference_list.html>(2) >>> >>> <http://www.cisco.com/en/US/products/ps6441/prod_technical_reference_list.html> >>> >>> >>> Configure<http://www.cisco.com/en/US/products/ps6441/tsd_products_support_configure.html> >>> Configuration Examples and >>> >>> TechNotes<http://www.cisco.com/en/US/products/ps6441/prod_configuration_examples_list.html>(26) >>> >>> <http://www.cisco.com/en/US/products/ps6441/prod_configuration_examples_list.html> >>> >>> Configuration >>> Guides<http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html>(71) >>> >>> <http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html> >>> >>> Feature >>> Guides<http://www.cisco.com/en/US/products/ps6441/products_feature_guides_list.html>(292) >>> >>> <http://www.cisco.com/en/US/products/ps6441/products_feature_guides_list.html> >>> >>> Programming >>> Guides<http://www.cisco.com/en/US/products/ps6441/products_programming_reference_guides_list.html>(2) >>> >>> <http://www.cisco.com/en/US/products/ps6441/products_programming_reference_guides_list.html> >>> >>> >>> >>> About Cisco ASA and ACS: Is the following available.? >>> >>> Configuration Examples and >>> >>> TechNotes<http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html>(169) >>> >>> <http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html> >>> Describes how to configure a product in a particular network with tips >>> and a >>> sample network diagram. >>> >>> Configuration >>> Guides<http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html>(37) >>> >>> <http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html> >>> Detailed, step-by-step instructions >>> >>> thanks in advance for your kind replies. >>> >>> Good luck everyone, >>> >>> FNK. >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: >>> </archives/ccie_security/attachments/20110930/68d6b148/attachment-0001.html> >>> >>> ------------------------------ >>> >>> Message: 3 >>> Date: Sat, 1 Oct 2011 13:32:30 +0530 >>> From: Dnyaneshwar Gore <[email protected]> >>> To: [email protected] >>> Subject: [OSL | CCIE_Security] YB lab 2 - Q 5.2 >>> Message-ID: >>> >>> <caeavja_wifg6oucprfub+efdbs5pvpnclssiqqkymftrync...@mail.gmail.com> >>> Content-Type: text/plain; charset="iso-8859-1" >>> >>> HI All, >>> >>> We need to bring down require commands privilege level form 15 to 5 in >>> router for command authorization with ACS. >>> >>> One of the requirements is "Users in this group should be able to execute >>> any show commands." >>> >>> Now I can see all show commands are at privilege level 1 except "show >>> runn". >>> I guess that command is at level 15. >>> >>> But YB's solution does not talk about "show runn" command. >>> >>> Should we include "privilege exec all level 5 show" in the solution? >>> Because >>> without this user at privilege level 5 can't use "show runn" command. >>> >>> Regards, >>> DMG >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: >>> </archives/ccie_security/attachments/20111001/994f88dc/attachment-0001.html> >>> >>> End of CCIE_Security Digest, Vol 64, Issue 1 >>> ******************************************** >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
