My understanding of GETVPN rekeying is a bit wayward... I did some searching
and found the following recommendation:


Fortunately, it is possible to mix multicast and unicast in a single GET
VPN topology so long as all key servers support multicast. When deciding
which transport mechanism to use, consider the following recommendations:

• If all key servers and group members, and the network, support multicast,
use multicast.

• If all of the key servers and most of the group members support multicast,
but a small number of group members do not support multicast, use
multicast. Group members that do not support multicast will not receive
rekey and IPsec SA updates. However, when the lifetime settings for these
items are about to expire, unicast group members will reregister with the
key server and obtain the new keys and IPsec SAs.

• If no group members, or only a few, support multicast, use unicast. The
group members will then receive rekeys and IPsec SA updates from the key
server and not need to reregister to get them.



It is from the Cisco CSM link :S



http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/user/guide/vpget.html#wp619572


FNK


On Mon, Jan 2, 2012 at 11:43 AM, Fawad Khan <[email protected]> wrote:

> You can configure multicast on all the configurations.... if the KS is
> unable to communicate over multicast, it retreats to unicast.... (maybe I
> am wrong but this is what I understand).
> FNK
>
>
> On Mon, Jan 2, 2012 at 11:11 AM, HA Ali <[email protected]> wrote:
>
>>
>> In some guides it says that if the majority of Group Members support unicast
>> and not multicast, it is recommended to use unicast rekey.
>>
>>
>> This means that there is some limitation from the ISP end and they don't
>> provide multicast technology, and because of this we can't run a dynamic routing
>> protocol and we should work on static routes and use unicast rekeys??
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>