Hi all, In my case I can answer the question....it was my TEK policy-(I was encrypting my keys). I modified it and now it is working as expected.
Jt On Sun, Oct 2, 2011 at 4:02 PM, Jim Terry <[email protected]> wrote: > Hi all, > > I am practing multicast through the ASA with the KS on the inside and > the GM on the outside and I am finding this very spotty. The getvpn > mulitcast rekey works perfectly with GRE but when I enable > multicast/pim/rp on the ASA it has worked two out of about 10 times. > As soon as it works I save my configs and then reload or do a clear > cry gd and then issue a rekey and the next time it does not work. > > Is this spotty(and that is why there are no examples of this on CCO) > or just me?!@ > > JT > > > > On Sat, Oct 1, 2011 at 5:51 PM, Fawad Khan <[email protected]> wrote: >> If the ASA(multi context) is just passing the GRE traffic which is >> encapsulating Multicast, then its possible. Else, ASA/multi context does not >> support any multicast. >> >> >> >> FNK >> >> On Sat, Oct 1, 2011 at 2:42 PM, Derek <[email protected]> wrote: >>> >>> Diego, >>> I did some research...it appears as you said you must do it through GRE. >>> This link gives details about the setup but an additional box is setup at >>> the HUB. I'm assuming the KS can be the HUB for all the GM's as well. I >>> need to lab this up. IMO, seems like its too much multicast for CCIE >>> Security :( >>> >>> https://sites.google.com/site/amitsciscozone/home/ipsec/get-vpn-rekey-using-multicast >>> >>> On Sat, Oct 1, 2011 at 12:00 PM, >>> <[email protected]> wrote: >>>> >>>> Send CCIE_Security mailing list submissions to >>>> [email protected] >>>> >>>> To subscribe or unsubscribe via the World Wide Web, visit >>>> http://onlinestudylist.com/mailman/listinfo/ccie_security >>>> or, via email, send a message with subject or body 'help' to >>>> [email protected] >>>> >>>> You can reach the person managing the list at >>>> [email protected] >>>> >>>> When replying, please edit your Subject line so it is more specific >>>> than "Re: Contents of CCIE_Security digest..." >>>> >>>> >>>> Today's Topics: >>>> >>>> 1. Re: Multicasting query (Diego Cambronero) >>>> 2. yet another DOC CD question (Fawad Khan) >>>> 3. YB lab 2 - Q 5.2 (Dnyaneshwar Gore) >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> >>>> Message: 1 >>>> Date: Fri, 30 Sep 2011 14:19:05 -0600 >>>> From: Diego Cambronero <[email protected]> >>>> To: Diego Cambronero <[email protected]> >>>> Cc: "[email protected]" >>>> <[email protected]> >>>> Subject: Re: [OSL | CCIE_Security] Multicasting query >>>> Message-ID: <[email protected]> >>>> Content-Type: text/plain; charset="us-ascii" >>>> >>>> >>>> >>>> > Hi all, >>>> > >>>> > >>>> > I would like to get a whole example of multicast getvpn passing through >>>> > a multi context ASA. Let say that the KS is in the INSIDE. >>>> > >>>> > We should configure GRE but how exactly should we configure the >>>> > multicast ?? >>>> > >>>> > Anyone has an example or a link?? >>>> -------------- next part -------------- >>>> An HTML attachment was scrubbed... >>>> URL: >>>> </archives/ccie_security/attachments/20110930/a818c42f/attachment-0001.html> >>>> >>>> ------------------------------ >>>> >>>> Message: 2 >>>> Date: Fri, 30 Sep 2011 21:59:16 -0400 >>>> From: Fawad Khan <[email protected]> >>>> To: [email protected] >>>> Subject: [OSL | CCIE_Security] yet another DOC CD question >>>> Message-ID: >>>> >>>> <caccj_th-0u4p7spu_9b5qo-v5cguhiaq4var1me46pmat7k...@mail.gmail.com> >>>> Content-Type: text/plain; charset="iso-8859-1" >>>> >>>> Hey experts, sepcially those who cleared CCIE SEC recently or those who >>>> will >>>> be giving exam in the near future. >>>> I would be grateful if you guys can provide some information about the >>>> DOC >>>> CD links available during the exam. >>>> >>>> Like for IOS 12.4T do we have all the following available in the exam ? A >>>> lot of useful informaiton comes out of , *Command Reference Guides*, >>>> *Configuration >>>> examples and TNotes*, *Configuraiton guide* and *feature guides*. >>>> >>>> >>>> http://www.cisco.com/en/US/products/ps6441/tsd_products_support_series_home.html >>>> >>>> Reference >>>> Guides<http://www.cisco.com/en/US/products/ps6441/tsd_products_support_reference_guides.html> >>>> >>>> Command >>>> References<http://www.cisco.com/en/US/products/ps6441/prod_command_reference_list.html>(52) >>>> >>>> <http://www.cisco.com/en/US/products/ps6441/prod_command_reference_list.html> >>>> >>>> Technical >>>> References<http://www.cisco.com/en/US/products/ps6441/prod_technical_reference_list.html>(2) >>>> >>>> <http://www.cisco.com/en/US/products/ps6441/prod_technical_reference_list.html> >>>> >>>> >>>> Configure<http://www.cisco.com/en/US/products/ps6441/tsd_products_support_configure.html> >>>> Configuration Examples and >>>> >>>> TechNotes<http://www.cisco.com/en/US/products/ps6441/prod_configuration_examples_list.html>(26) >>>> >>>> <http://www.cisco.com/en/US/products/ps6441/prod_configuration_examples_list.html> >>>> >>>> Configuration >>>> Guides<http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html>(71) >>>> >>>> <http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html> >>>> >>>> Feature >>>> Guides<http://www.cisco.com/en/US/products/ps6441/products_feature_guides_list.html>(292) >>>> >>>> <http://www.cisco.com/en/US/products/ps6441/products_feature_guides_list.html> >>>> >>>> Programming >>>> Guides<http://www.cisco.com/en/US/products/ps6441/products_programming_reference_guides_list.html>(2) >>>> >>>> <http://www.cisco.com/en/US/products/ps6441/products_programming_reference_guides_list.html> >>>> >>>> >>>> >>>> About Cisco ASA and ACS: Is the following available.? >>>> >>>> Configuration Examples and >>>> >>>> TechNotes<http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html>(169) >>>> >>>> <http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html> >>>> Describes how to configure a product in a particular network with tips >>>> and a >>>> sample network diagram. >>>> >>>> Configuration >>>> Guides<http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html>(37) >>>> >>>> <http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html> >>>> Detailed, step-by-step instructions >>>> >>>> thanks in advance for your kind replies. >>>> >>>> Good luck everyone, >>>> >>>> FNK. >>>> -------------- next part -------------- >>>> An HTML attachment was scrubbed... >>>> URL: >>>> </archives/ccie_security/attachments/20110930/68d6b148/attachment-0001.html> >>>> >>>> ------------------------------ >>>> >>>> Message: 3 >>>> Date: Sat, 1 Oct 2011 13:32:30 +0530 >>>> From: Dnyaneshwar Gore <[email protected]> >>>> To: [email protected] >>>> Subject: [OSL | CCIE_Security] YB lab 2 - Q 5.2 >>>> Message-ID: >>>> >>>> <caeavja_wifg6oucprfub+efdbs5pvpnclssiqqkymftrync...@mail.gmail.com> >>>> Content-Type: text/plain; charset="iso-8859-1" >>>> >>>> HI All, >>>> >>>> We need to bring down require commands privilege level form 15 to 5 in >>>> router for command authorization with ACS. >>>> >>>> One of the requirements is "Users in this group should be able to execute >>>> any show commands." >>>> >>>> Now I can see all show commands are at privilege level 1 except "show >>>> runn". >>>> I guess that command is at level 15. >>>> >>>> But YB's solution does not talk about "show runn" command. >>>> >>>> Should we include "privilege exec all level 5 show" in the solution? >>>> Because >>>> without this user at privilege level 5 can't use "show runn" command. >>>> >>>> Regards, >>>> DMG >>>> -------------- next part -------------- >>>> An HTML attachment was scrubbed... >>>> URL: >>>> </archives/ccie_security/attachments/20111001/994f88dc/attachment-0001.html> >>>> >>>> End of CCIE_Security Digest, Vol 64, Issue 1 >>>> ******************************************** >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
