Yeah, but I was referring to the KS server IPv4 address. I agree, without the 
multicast address rekey is not gonna work... in fact it is going to tell you that 
the configuration is incomplete.

Date: Thu, 14 Jun 2012 08:07:37 +0530
Subject: Re: [OSL | CCIE_Security] Rekey address
From: [email protected]
To: [email protected]
CC: [email protected]; [email protected]; 
[email protected]

Mike, we need an address for multicast, as I observed that the GMs didn't accept 
the rekeys if their address is different.

On the safer side, always configure an address for both modes.

With regards
Kngs


On Wed, Jun 13, 2012 at 8:42 PM, Mike Rojas <[email protected]> wrote:

Nope, a server address is not needed when configuring GET, I guess Kings 
already responded to this. I'll look for his e-mail.

Date: Wed, 13 Jun 2012 08:48:08 -0400
From: [email protected]

To: [email protected]
CC: [email protected]
Subject: Re: [OSL | CCIE_Security] Rekey address


ASA will not pass multicast in multicontext mode. A GRE tunnel will be needed 
between the routers to handle the multicast rekeying if needed.

On Wednesday, June 13, 2012, Eugene Pefti wrote:

Then it matches what the Cisco guide says about "address ipv4 x.x.x.x". You'd 
need it only for unicast rekeying to specify the source of unicasts. Since you 
used multicast, your key server ID was showing 0.0.0.0.


Interesting fact with the ASA passing multicasts. Is the KS on the outside of the 
ASA or inside?

From: Deepak N <[email protected]>
Date: Tuesday, June 12, 2012 6:00 PM
To: OSL CCIE-Security <[email protected]>
Subject: [OSL | CCIE_Security] Rekey address

What is the significance of the 'address ipv4 x.x.x.x' in the gdoi group 
configuration? I was trying out a multicast rekey setup with the following 
rekey ACL:

access-list 150 permit udp any eq 848 host 239.0.1.2 eq 848

And I didn't have the local server address configured. So the Key server ID 
was displayed as 0.0.0.0, and everything worked.

So I was wondering when you really need the KS address configured?

And the traffic between the KS and the GM travels through an ASA context, and 
I haven't done any kind of multicast configs on it. Still, the GMs receive the 
rekey requests. How does that work?

-- 
FNK


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
