ASA will not pass multicast in multicontext mode. A GRE tunnel will be needed between the routers to handle the multicast rekeying if needed.

On Wednesday, June 13, 2012, Eugene Pefti wrote:

> Then it matches what the Cisco guide says about "address ipv4 x.x.x.x".
> You'd need it only for unicast rekeying to specify the source of unicasts.
> Since you used multicast your key server ID was showing 0.0.0.0
> Interesting fact with the ASA passing multicasts. Is KS on the outside of
> ASA or inside?
>
> From: Deepak N <[email protected]>
> Date: Tuesday, June 12, 2012 6:00 PM
> To: OSL CCIE-Security <[email protected]>
> Subject: [OSL | CCIE_Security] Rekey address
>
> What is the significance of the 'address ipv4 x.x.x.x' in the gdoi
> group configuration. I was trying out a multicast rekey setup with the
> following rekey acl - access-list 150 permit udp any eq 848 host 239.0.1.2
> eq 848. And I didn't have the local server address configured. So the Key
> server ID was displayed as 0.0.0.0, and everything worked.
>
> So I was wondering when you really need the KS address configured?
>
> And the traffic between the KS and the GM travels through an ASA context,
> and I haven't done any kind of multicast configs on it. Still, the GMs
> receive the rekey requests. How does that work?
>
-- FNK
