Sorry, I was wrong; apparently the GMs are not receiving the rekey requests from the KS :(

So what needs to be done on the ASA context to get the rekey messages from the KS to the GM?

gm1#sh crypto gdoi gm rekey
Group GET (Multicast)
    Number of Rekeys received (cumulative)       : 0
    Number of Rekeys received after registration : 0

Rekey (KEK) SA information :
          dst        src      conn-id  my-cookie  his-cookie
New     : 239.0.1.2  0.0.0.0  1028     01BAC736   0094131B
Current : ---        ---      ---      ---        ---
Previous: ---        ---      ---      ---        ---

--- On Wed, 13/6/12, waleed ' <[email protected]> wrote:

From: waleed ' <[email protected]>
Subject: RE: [OSL | CCIE_Security] Rekey address
To: [email protected], "CCIE Security" <[email protected]>
Date: Wednesday, 13 June, 2012, 5:55 AM

How did you check that rekey messages are still received on the GMs?

Date: Wed, 13 Jun 2012 09:00:46 +0800
From: [email protected]
To: [email protected]
Subject: [OSL | CCIE_Security] Rekey address

What is the significance of the 'address ipv4 x.x.x.x' in the GDOI group configuration? I was trying out a multicast rekey setup with the following rekey ACL:

    access-list 150 permit udp any eq 848 host 239.0.1.2 eq 848

And I didn't have the local server address configured. So the Key server ID was displayed as 0.0.0.0, and everything worked. So I was wondering when you really need the KS address configured?

And the traffic between the KS and the GM travels through an ASA context, and I haven't done any kind of multicast configs on it. Still, the GMs receive the rekey requests. How does that work?

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
