Hi Marta, I did try to add the said PIM commands to R1/KS. Access-list 10 permit 239.0.0.1 ip pim rp-address 1.1.1.1 10 ip pim accept-rp 1.1.1.1
I’m still receiving rekeys via multicast on GM but errors on R1/KS still keep showing: %PIM-6-INVALID_RP_JOIN: Received (*, 224.0.1.40) Join from 10.10.10.2 for invalid RP 1.1.1.1 It’s more of an attempt to understand the mechanics of how it all works together. I just hate to memorize how it should be done in every particular case. It looks like this 224.0.1.40 address comes from PIM sparse-mode enabled on the tunnel or loopback interface. From: Marta Sokolowska [mailto:[email protected]] Sent: Tuesday, August 07, 2012 1:05 PM To: Eugene Pefti Cc: [email protected] Subject: Re: [OSL | CCIE_Security] GETVPN multicast rekey through GRE tunnel 2012/8/7 Eugene Pefti <[email protected]<mailto:[email protected]>> [...] What drives me insane is that when I add mroute on GM I got the same error messages on KS. Where’s this 224.0.1.40 coming from ? R2(config)#ip mroute 1.1.1.1 255.255.255.255 tunnel126 R1 *Aug 7 19:17:18.100: %PIM-6-INVALID_RP_JOIN: Received (*, 224.0.1.40) Join from 10.10.10.2 for invalid RP 1.1.1.1 Check if you have "ip pim rp-address 1.1.1.1" also on R1 (on the router which is KS). This message can be seen on the RP (in your case - on KS/R1) when the router doesn't have the "ip pim rp-address" command or auto-rp to announce configured (using "ip pim send-rp-announce" and "ip pim send-rp-discovery"). You can also try with "ip pim accept−rp 1.1.1.1" on R1 if you already have "ip pim rp-address 1.1.1.1" configured. Marta Sokolowska.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
