Re: IPSec question

From: Shadi (ccie@xxxxxxxxxxxxxxxx)
Date: Tue Mar 05 2002 - 04:28:26 GMT-3


   
Hi all,

Does IPsec work with multicasting? I was trying to encrypt a link between
two routers having OSPF routing protocol between them, they could not make
adjacency between them, and it says that IPsec is not encrypting 224.0.0.5

So is there any way to make IPSEC work with Multicasting?

----- Original Message -----
From: "Ahmed Mamoor Amimi" <mamoor@ieee.org>
To: "Lab Candidate" <labccie@yahoo.com>; <ccielab@groupstudy.com>
Sent: Tuesday, March 05, 2002 7:19 AM
Subject: Re: IPSec question

> ur right ...
> that is the only access-list that u have to apply and IPSec will take care
> of the traffic that is returning or coming in to that
> match the access-list.... by saying MATCH the ACCESS-LIST means that IPSec
> will try to match the destination of the
> packet with the source of the access-list if they match and data unprotected
> then IPSec will drop the packet considering it
> as not from the same sender that I have sent to ....
> That is why CISCO recommends that when making access-list on both sides
> make sure that they are identical so both sides could send protected data.
>
> -Mamoor
>
>
> ----- Original Message -----
> From: Lab Candidate <labccie@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, March 05, 2002 9:58 AM
> Subject: IPSec question
>
>
> > IPSec inbound traffic is processed against the crypto map entries, if an
> > unprotected packet matches a permit entry in a particular access list
> > associated with an IPSec crypto map entry, that packet is dropped.
> > But on a second thought, the ACL is defined for outgoing traffic only,
> > checking inbound traffic against it is backwards. My question is does the
> > IOS software reverse the ACL order while checking on incoming traffic like
> > it was going outbound? I don't believe that you need to define separate
> > lines in ACL for incoming traffic, only the lines pertaining to outbound
> > traffic are used for checkup. Please confirm my understanding. TIA...
> >
> > ---
> >
> >
> >
> >
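
The inbound check discussed in this thread, as a simplified model added here as an example (it is not part of any poster's message and is not Cisco's code). The networks, ACL contents and function names are constructed for illustration; the model covers only the "unprotected packet matches the reversed ACL, so drop it" rule and shows why non-mirrored ACLs on the two peers lose traffic.

```python
from ipaddress import ip_address, ip_network

# Constructed sample crypto ACLs: each entry is the (source, destination)
# of one "permit ip" line, written in the outbound direction only.
ACL_A = [("10.1.1.0/24", "10.2.2.0/24")]         # router A: local -> remote
ACL_B_MIRROR = [("10.2.2.0/24", "10.1.1.0/24")]  # router B: exact mirror of A
ACL_B_WIDER = [("10.2.0.0/16", "10.1.1.0/24")]   # router B: NOT a mirror of A


def matches(acl, src, dst):
    """True if (src, dst) hits a permit entry read as written."""
    return any(
        ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
        for s, d in acl
    )


def outbound(acl, src, dst):
    """Sender: traffic matching the crypto ACL is protected, the rest is sent clear."""
    return "protected" if matches(acl, src, dst) else "clear"


def inbound(acl, src, dst, arrived):
    """Receiver: the same ACL is read with source and destination swapped.

    A clear packet that the reversed ACL says should have been protected
    is dropped; no separate inbound ACL line is needed for this.
    """
    should_be_protected = matches(acl, dst, src)
    if arrived == "clear" and should_be_protected:
        return "drop"
    return "accept"


def send(sender_acl, receiver_acl, src, dst):
    """Carry one packet from sender to receiver; return (state on wire, verdict)."""
    state = outbound(sender_acl, src, dst)
    return state, inbound(receiver_acl, src, dst, state)


if __name__ == "__main__":
    # Mirrored ACLs: both directions are protected and accepted.
    print(send(ACL_A, ACL_B_MIRROR, "10.1.1.5", "10.2.2.9"))
    print(send(ACL_B_MIRROR, ACL_A, "10.2.2.9", "10.1.1.5"))
    # Non-mirrored ACLs: A sends 10.2.7.1 traffic in clear, B expects it protected.
    print(send(ACL_A, ACL_B_WIDER, "10.1.1.5", "10.2.7.1"))
```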



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:53 GMT-3