If I am not mistaken, on Router 1 (inside router, if I'm not too Costa Rican at 9:44 PM), you need to point the RP-address to the loopback and then on Router 2, create a static mroute towards that tunnel interface...
Try it out, if not, it will be a long long Night for me...

Mike.

> From: [email protected]
> To: [email protected]
> Date: Tue, 7 Aug 2012 03:21:28 +0000
> CC: [email protected]
> Subject: Re: [OSL | CCIE_Security] GETVPN multicast rekey through GRE tunnel
>
> Argh...
> Multicast routing has been my weakest point. Never understood the subtleties
> in various pim modes ;)
> Enabled it on both devices, still no luck.
>
> From GM:
>
> R2#sh cry gdoi group GETVPN-GR
>     Group Name               : GETVPN-GR
>     Group Identity           : 126
>     Rekeys received          : 0
>     IPSec SA Direction       : Both
>     Active Group Server      : 1.1.1.1
>     Group Server list        : 1.1.1.1
>                                5.5.5.5
>
>     GM Reregisters in        : 3298 secs
>     Rekey Received           : never
>
>     Rekeys received
>          Cumulative          : 0
>          After registration  : 0
>
> -----Original Message-----
> From: Warrick Mitchell [mailto:[email protected]]
> Sent: Monday, August 06, 2012 7:38 PM
> To: Eugene Pefti
> Cc: CCIE Security Maillist
> Subject: Re: [OSL | CCIE_Security] GETVPN multicast rekey through GRE tunnel
>
> Hi Eugene,
>
> You need to enable multicast on both devices "ip multicast-routing"
> and then on the tunnel you will need "ip pim sparse-mode"
>
> Cheers,
> Warrick
>
> On Tue, Aug 7, 2012 at 10:05 AM, Eugene Pefti <[email protected]> wrote:
> > Guys,
> >
> > I'm trying to recreate the scenario I ran into Lab 17 my own way and
> > stumbled upon multicast rekeying.
> >
> > This is the rudimentary diagram:
> >
> > R1 (192.168.3.1 - KS) -----------ASA context ---------R2 (192.168.5.2 - GM)
> > (loopback 1.1.1.1)                                    (loopback 2.2.2.2)
> >
> > R1 sends key via multicasts:
> >
> > ip access-list extended REKEY-ACL
> >  permit udp host 1.1.1.1 eq 848 host 239.1.1.254 eq 848
> >
> > I created GRE tunnel between R1 and R2 to overcome multicontext ASA
> > limitation.
> >
> > R1:
> >
> > interface Tunnel126
> >  ip address 10.10.10.1 255.255.255.0
> >  tunnel source FastEthernet0/0
> >  tunnel destination 192.168.5.2
> >
> > R2:
> >
> > interface Tunnel126
> >  ip address 10.10.10.2 255.255.255.0
> >  tunnel source FastEthernet0/0
> >  tunnel destination 192.168.3.1
> >
> > Tunnel is up but how can I tell R1 to use this tunnel to send
> > multicast rekeys ?
> >
> > Eugene
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training,
> > please visit www.ipexpert.com
> >
> > Are you a CCNP or CCIE and looking for a job? Check out
> > www.PlatinumPlacement.com
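
The settings suggested in the replies above can be checked against a saved running-config before digging deeper into why rekeys are not arriving. The following is an added example, not part of the original thread: the sample configs are constructed, the function names are hypothetical, and the checklist reflects only what the replies propose, not a confirmed fix.

```python
import re

# Constructed sample configs (not from the thread). R1 carries the settings
# suggested in the replies; R2 is the tunnel config as originally posted.
R1_CFG = """ip multicast-routing
interface Tunnel126
 ip address 10.10.10.1 255.255.255.0
 ip pim sparse-mode
 tunnel source FastEthernet0/0
 tunnel destination 192.168.5.2
ip pim rp-address 1.1.1.1
"""
R2_CFG = """interface Tunnel126
 ip address 10.10.10.2 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 192.168.3.1
"""
# Excerpt of the GM output quoted in the thread.
GM_STATUS = "Group Name : GETVPN-GR\nRekeys received : 0\nRekey Received : never\n"

def interface_block(cfg, name):
    """Return the sub-commands configured under 'interface <name>'."""
    cmds, inside = [], False
    for line in cfg.splitlines():
        if not line.startswith(" "):  # a top-level command ends any block
            inside = line.strip().lower() == f"interface {name}".lower()
        elif inside:
            cmds.append(line.strip())
    return cmds

def missing_settings(cfg, role, tunnel="Tunnel126"):
    """List the thread's suggested multicast settings absent from cfg.
    role: 'ks' (R1, RP pointed at its loopback) or 'gm' (R2, static mroute)."""
    top = [l.strip() for l in cfg.splitlines() if l.strip() and not l.startswith(" ")]
    missing = []
    if "ip multicast-routing" not in top:
        missing.append("ip multicast-routing")
    if "ip pim sparse-mode" not in interface_block(cfg, tunnel):
        missing.append(f"ip pim sparse-mode on {tunnel}")
    if role == "ks" and not any(re.match(r"ip pim rp-address \S+", c) for c in top):
        missing.append("ip pim rp-address")
    if role == "gm" and not any(re.match(rf"ip mroute .*\b{tunnel}\b", c) for c in top):
        missing.append(f"ip mroute via {tunnel}")
    return missing

def rekeys_received(show_output):
    """Parse the 'Rekeys received' counter from 'show crypto gdoi group' output."""
    m = re.search(r"^\s*Rekeys received\s*:\s*(\d+)", show_output, re.M)
    return int(m.group(1)) if m else None
```
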
