If I am not mistaken, 

On Router 1 (the inside router, if I'm not too Costa Rican at 9:44 PM), you 
need to point the RP-address to the loopback and then, on Router 2, create a 
static mroute towards that tunnel interface...

Try it out; if not, it will be a long, long night for me...

Mike. 
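
The suggestions in this thread (`ip multicast-routing` and `ip pim sparse-mode` on the tunnel from Warrick's reply quoted below, plus the RP address and static mroute from the reply above) collected into one IOS configuration. This is an added example, not from any participant, and the thread does not confirm that it resolves the missing rekeys. `Loopback0` as the name of the 1.1.1.1 interface, PIM on that loopback, the RP statement on R2, and the unicast path through the ASA are assumptions.

```ios
! ----- R1 (KS, 192.168.3.1, loopback 1.1.1.1) -----
ip multicast-routing
!
! Assumption: 1.1.1.1 lives on Loopback0 (the thread gives only the address).
! The rekey source and the RP are this address, so PIM is enabled here too.
interface Loopback0
 ip pim sparse-mode
!
interface Tunnel126
 ip address 10.10.10.1 255.255.255.0
 ip pim sparse-mode
 tunnel source FastEthernet0/0
 tunnel destination 192.168.5.2
!
ip pim rp-address 1.1.1.1
!
! ----- R2 (GM, 192.168.5.2) -----
ip multicast-routing
!
interface Tunnel126
 ip address 10.10.10.2 255.255.255.0
 ip pim sparse-mode
 tunnel source FastEthernet0/0
 tunnel destination 192.168.3.1
!
! Assumption: with a static RP, every PIM router needs the same RP statement.
ip pim rp-address 1.1.1.1
!
! Assumption: R2's unicast route to 1.1.1.1 goes through the ASA, so the RPF
! check for the rekey source (and RP) would point at FastEthernet0/0.
! The static mroute makes RPF for 1.1.1.1 resolve to the tunnel instead.
ip mroute 1.1.1.1 255.255.255.255 Tunnel126
!
! ----- Checks on R2 -----
! show ip pim neighbor              (10.10.10.1 listed on Tunnel126)
! show ip rpf 1.1.1.1               (RPF interface is Tunnel126)
! show ip mroute 239.1.1.254        (state for the rekey group)
! show crypto gdoi group GETVPN-GR  ("Rekeys received" above 0 after a rekey)
```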

> From: [email protected]
> To: [email protected]
> Date: Tue, 7 Aug 2012 03:21:28 +0000
> CC: [email protected]
> Subject: Re: [OSL | CCIE_Security] GETVPN multicast rekey through GRE tunnel
> 
> Argh...
> Multicast routing has been my weakest point. Never understood the subtleties 
> in various pim modes ;)
> Enabled it on both devices, still no luck.
> 
> From GM:
> 
> R2#sh cry gdoi group GETVPN-GR
>     Group Name               : GETVPN-GR
>     Group Identity           : 126
>     Rekeys received          : 0
>     IPSec SA Direction       : Both
>     Active Group Server      : 1.1.1.1
>     Group Server list        : 1.1.1.1
>                                5.5.5.5
>                                
>     GM Reregisters in        : 3298 secs
>     Rekey Received           : never
> 
> 
>     Rekeys received          
>          Cumulative          : 0
>          After registration  : 0
> 
> 
> 
> -----Original Message-----
> From: Warrick Mitchell [mailto:[email protected]] 
> Sent: Monday, August 06, 2012 7:38 PM
> To: Eugene Pefti
> Cc: CCIE Security Maillist
> Subject: Re: [OSL | CCIE_Security] GETVPN multicast rekey through GRE tunnel
> 
> Hi Eugene,
> 
> You need to enable multicast on both devices "ip multicast-routing"
> and then on the tunnel you will need "ip pim sparse-mode"
> 
> Cheers,
> Warrick
> 
> On Tue, Aug 7, 2012 at 10:05 AM, Eugene Pefti <[email protected]> wrote:
> > Guys,
> >
> > I'm trying to recreate the scenario I ran into Lab 17 my own way and 
> > stumbled upon multicast rekeying.
> >
> > This is the rudimentary diagram:
> >
> >   R1 (192.168.3.1 - KS) ----------- ASA context --------- R2 (192.168.5.2 - GM)
> >   (loopback 1.1.1.1)                                      (loopback 2.2.2.2)
> >
> > R1 sends key via multicasts:
> >
> > ip access-list extended REKEY-ACL
> >  permit udp host 1.1.1.1 eq 848 host 239.1.1.254 eq 848
> >
> > I created GRE tunnel between R1 and R2 to overcome multicontext ASA 
> > limitation.
> >
> > R1:
> >
> > interface Tunnel126
> >  ip address 10.10.10.1 255.255.255.0
> >  tunnel source FastEthernet0/0
> >  tunnel destination 192.168.5.2
> >
> > R2:
> >
> > interface Tunnel126
> >  ip address 10.10.10.2 255.255.255.0
> >  tunnel source FastEthernet0/0
> >  tunnel destination 192.168.3.1
> >
> > Tunnel is up but how can I tell R1 to use this tunnel to send 
> > multicast rekeys?
> >
> > Eugene
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, 
> > please visit www.ipexpert.com
> >
> > Are you a CCNP or CCIE and looking for a job? Check out 
> > www.PlatinumPlacement.com