Jim, If possible can you post the config and the topology. To practice
El 02/10/2011, a las 04:37 p.m., Jim Terry <[email protected]> escribió: > Hi all, > > In my case I can answer the question....it was my TEK policy-(I was > encrypting my keys). I modified it and now it is working as expected. > > Jt > > > > On Sun, Oct 2, 2011 at 4:02 PM, Jim Terry <[email protected]> wrote: >> Hi all, >> >> I am practing multicast through the ASA with the KS on the inside and >> the GM on the outside and I am finding this very spotty. The getvpn >> mulitcast rekey works perfectly with GRE but when I enable >> multicast/pim/rp on the ASA it has worked two out of about 10 times. >> As soon as it works I save my configs and then reload or do a clear >> cry gd and then issue a rekey and the next time it does not work. >> >> Is this spotty(and that is why there are no examples of this on CCO) >> or just me?!@ >> >> JT >> >> >> >> On Sat, Oct 1, 2011 at 5:51 PM, Fawad Khan <[email protected]> wrote: >>> If the ASA(multi context) is just passing the GRE traffic which is >>> encapsulating Multicast, then its possible. Else, ASA/multi context does not >>> support any multicast. >>> >>> >>> >>> FNK >>> >>> On Sat, Oct 1, 2011 at 2:42 PM, Derek <[email protected]> wrote: >>>> >>>> Diego, >>>> I did some research...it appears as you said you must do it through GRE. >>>> This link gives details about the setup but an additional box is setup at >>>> the HUB. I'm assuming the KS can be the HUB for all the GM's as well. I >>>> need to lab this up. IMO, seems like its too much multicast for CCIE >>>> Security :( >>>> >>>> https://sites.google.com/site/amitsciscozone/home/ipsec/get-vpn-rekey-using-multicast >>>> >>>> On Sat, Oct 1, 2011 at 12:00 PM, >>>> <[email protected]> wrote: >>>>> >>>>> Send CCIE_Security mailing list submissions to >>>>> [email protected] >>>>> >>>>> To subscribe or unsubscribe via the World Wide Web, visit >>>>> http://onlinestudylist.com/mailman/listinfo/ccie_security >>>>> or, via email, send a message with subject or body 'help' to >>>>> [email protected] >>>>> >>>>> You can reach the person managing the list at >>>>> [email protected] >>>>> >>>>> When replying, please edit your Subject line so it is more specific >>>>> than "Re: Contents of CCIE_Security digest..." >>>>> >>>>> >>>>> Today's Topics: >>>>> >>>>> 1. Re: Multicasting query (Diego Cambronero) >>>>> 2. yet another DOC CD question (Fawad Khan) >>>>> 3. YB lab 2 - Q 5.2 (Dnyaneshwar Gore) >>>>> >>>>> >>>>> ---------------------------------------------------------------------- >>>>> >>>>> Message: 1 >>>>> Date: Fri, 30 Sep 2011 14:19:05 -0600 >>>>> From: Diego Cambronero <[email protected]> >>>>> To: Diego Cambronero <[email protected]> >>>>> Cc: "[email protected]" >>>>> <[email protected]> >>>>> Subject: Re: [OSL | CCIE_Security] Multicasting query >>>>> Message-ID: <[email protected]> >>>>> Content-Type: text/plain; charset="us-ascii" >>>>> >>>>> >>>>> >>>>>> Hi all, >>>>>> >>>>>> >>>>>> I would like to get a whole example of multicast getvpn passing through >>>>>> a multi context ASA. Let say that the KS is in the INSIDE. >>>>>> >>>>>> We should configure GRE but how exactly should we configure the >>>>>> multicast ?? >>>>>> >>>>>> Anyone has an example or a link?? >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: >>>>> </archives/ccie_security/attachments/20110930/a818c42f/attachment-0001.html> >>>>> >>>>> ------------------------------ >>>>> >>>>> Message: 2 >>>>> Date: Fri, 30 Sep 2011 21:59:16 -0400 >>>>> From: Fawad Khan <[email protected]> >>>>> To: [email protected] >>>>> Subject: [OSL | CCIE_Security] yet another DOC CD question >>>>> Message-ID: >>>>> >>>>> <caccj_th-0u4p7spu_9b5qo-v5cguhiaq4var1me46pmat7k...@mail.gmail.com> >>>>> Content-Type: text/plain; charset="iso-8859-1" >>>>> >>>>> Hey experts, sepcially those who cleared CCIE SEC recently or those who >>>>> will >>>>> be giving exam in the near future. >>>>> I would be grateful if you guys can provide some information about the >>>>> DOC >>>>> CD links available during the exam. >>>>> >>>>> Like for IOS 12.4T do we have all the following available in the exam ? A >>>>> lot of useful informaiton comes out of , *Command Reference Guides*, >>>>> *Configuration >>>>> examples and TNotes*, *Configuraiton guide* and *feature guides*. >>>>> >>>>> >>>>> http://www.cisco.com/en/US/products/ps6441/tsd_products_support_series_home.html >>>>> >>>>> Reference >>>>> Guides<http://www.cisco.com/en/US/products/ps6441/tsd_products_support_reference_guides.html> >>>>> >>>>> Command >>>>> References<http://www.cisco.com/en/US/products/ps6441/prod_command_reference_list.html>(52) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6441/prod_command_reference_list.html> >>>>> >>>>> Technical >>>>> References<http://www.cisco.com/en/US/products/ps6441/prod_technical_reference_list.html>(2) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6441/prod_technical_reference_list.html> >>>>> >>>>> >>>>> Configure<http://www.cisco.com/en/US/products/ps6441/tsd_products_support_configure.html> >>>>> Configuration Examples and >>>>> >>>>> TechNotes<http://www.cisco.com/en/US/products/ps6441/prod_configuration_examples_list.html>(26) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6441/prod_configuration_examples_list.html> >>>>> >>>>> Configuration >>>>> Guides<http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html>(71) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html> >>>>> >>>>> Feature >>>>> Guides<http://www.cisco.com/en/US/products/ps6441/products_feature_guides_list.html>(292) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6441/products_feature_guides_list.html> >>>>> >>>>> Programming >>>>> Guides<http://www.cisco.com/en/US/products/ps6441/products_programming_reference_guides_list.html>(2) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6441/products_programming_reference_guides_list.html> >>>>> >>>>> >>>>> >>>>> About Cisco ASA and ACS: Is the following available.? >>>>> >>>>> Configuration Examples and >>>>> >>>>> TechNotes<http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html>(169) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html> >>>>> Describes how to configure a product in a particular network with tips >>>>> and a >>>>> sample network diagram. >>>>> >>>>> Configuration >>>>> Guides<http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html>(37) >>>>> >>>>> <http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html> >>>>> Detailed, step-by-step instructions >>>>> >>>>> thanks in advance for your kind replies. >>>>> >>>>> Good luck everyone, >>>>> >>>>> FNK. >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: >>>>> </archives/ccie_security/attachments/20110930/68d6b148/attachment-0001.html> >>>>> >>>>> ------------------------------ >>>>> >>>>> Message: 3 >>>>> Date: Sat, 1 Oct 2011 13:32:30 +0530 >>>>> From: Dnyaneshwar Gore <[email protected]> >>>>> To: [email protected] >>>>> Subject: [OSL | CCIE_Security] YB lab 2 - Q 5.2 >>>>> Message-ID: >>>>> >>>>> <caeavja_wifg6oucprfub+efdbs5pvpnclssiqqkymftrync...@mail.gmail.com> >>>>> Content-Type: text/plain; charset="iso-8859-1" >>>>> >>>>> HI All, >>>>> >>>>> We need to bring down require commands privilege level form 15 to 5 in >>>>> router for command authorization with ACS. >>>>> >>>>> One of the requirements is "Users in this group should be able to execute >>>>> any show commands." >>>>> >>>>> Now I can see all show commands are at privilege level 1 except "show >>>>> runn". >>>>> I guess that command is at level 15. >>>>> >>>>> But YB's solution does not talk about "show runn" command. >>>>> >>>>> Should we include "privilege exec all level 5 show" in the solution? >>>>> Because >>>>> without this user at privilege level 5 can't use "show runn" command. >>>>> >>>>> Regards, >>>>> DMG >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: >>>>> </archives/ccie_security/attachments/20111001/994f88dc/attachment-0001.html> >>>>> >>>>> End of CCIE_Security Digest, Vol 64, Issue 1 >>>>> ******************************************** >>>> >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, please >>>> visit www.ipexpert.com >>>> >>>> Are you a CCNP or CCIE and looking for a job? Check out >>>> www.PlatinumPlacement.com >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
