Sorry , i was wrong,  apparently the GM's are not receiving the rekey requests 
from the KS :(So what needs to be done on the asa context to get the rekey 
messages from the KS to the GM?

gm1#sh crypto gdoi gm rekey Group GET (Multicast)    Number of Rekeys received 
(cumulative)       : 0    Number of Rekeys received after registration : 0
Rekey (KEK) SA information :          dst             src             conn-id  
my-cookie  his-cookieNew     : 239.0.1.2       0.0.0.0           1028   
01BAC736   0094131BCurrent : ---             ---               ---    ---       
 ---Previous: ---             ---               ---    ---        ---

--- On Wed, 13/6/12, waleed ' <[email protected]> wrote:

From: waleed ' <[email protected]>
Subject: RE: [OSL | CCIE_Security] Rekey address
To: [email protected], "CCIE Security" <[email protected]>
Date: Wednesday, 13 June, 2012, 5:55 AM





how you checked that re key messages still recieved on GM's ?? 

Date: Wed, 13 Jun 2012 09:00:46 +0800
From: [email protected]
To: [email protected]
Subject: [OSL | CCIE_Security] Rekey address

What is the significance of the 'address ipv4 x.x.x.x' in the gdoi group 
configuration.  I was trying out a multicast rekey setup with the following 
rekey acl - access-list 150 permit udp any eq 848 host 239.0.1.2 eq 848.  And i 
didnt have the local server address configured.  So the Key server ID was 
displayed as 0.0.0.0, and everything worked.
So i was wondering when you really need the KS address configured?
And the traffic between the KS and the GM travels through an ASA context , and 
i havent done any kind of multicast configs on it. Still, the GM's receive the 
rekey
 requests. How does that work?
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to