Re: IPSec question

From: Sandro Ciffali (sandyccie@xxxxxxxxx)
Date: Tue Mar 05 2002 - 19:57:07 GMT-3


   
I had the same problem working with EIGRP and IPSec; I
had to deny eigrp any any. Here is the link which said
to deny multicast with IPSec.
Here it is. I don't know how new this link is, but it
clearly says "Currently encryption of broadcast and
multicast packet is not supported. If secure routing
updates are important in the network design, a
protocol with authentication built in should be used."

Check at
 http://www.cisc.com/warp/public/707/13.html

Sandro

--- Shadi <ccie@investorsgrp.com> wrote:
> Hi all,
>
> Does IPsec work with Multicasting? I was trying to
> encrypt a link between two routers having OSPF routing
> protocol between them. They could not make an adjacency
> between them, and it says that IPsec is not encrypting
> 224.0.0.5
>
> So is there any way to make IPSEC work with
> Multicasting?
>
>
> ----- Original Message -----
> From: "Ahmed Mamoor Amimi" <mamoor@ieee.org>
> To: "Lab Candidate" <labccie@yahoo.com>;
> <ccielab@groupstudy.com>
> Sent: Tuesday, March 05, 2002 7:19 AM
> Subject: Re: IPSec question
>
>
> > You're right ...
> > that is the only access-list that you have to apply, and IPSec
> > will take care of the traffic that is returning or coming in
> > that matches the access-list.... By saying MATCH the ACCESS-LIST,
> > I mean that IPSec will try to match the destination of the
> > packet with the source of the access-list; if they match and the
> > data is unprotected, then IPSec will drop the packet, considering
> > it as not from the same sender that I have sent to ....
> > That is why Cisco recommends that when making access-lists on
> > both sides, make sure that they are identical so both sides
> > could send protected data.
> >
> > -Mamoor
> >
> >
> > ----- Original Message -----
> > From: Lab Candidate <labccie@yahoo.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Tuesday, March 05, 2002 9:58 AM
> > Subject: IPSec question
> >
> >
> > > IPSec inbound traffic is processed against the crypto map
> > > entries, if an unprotected packet matches a permit entry in a
> > > particular access list associated with an IPSec crypto map
> > > entry, that packet is dropped.
> > > But on a second thought, the ACL is defined for outgoing
> > > traffic only, checking inbound traffic against it is backwards.
> > > My question is does the IOS software reverse the ACL order
> > > while checking on incoming traffic like it was going outbound?
> > > I don't believe that you need to define separate lines in ACL
> > > for incoming traffic, only the lines pertaining to outbound
> > > traffic are used for checkup. Please confirm my understanding.
> > > TIA...
> > >
> > > ---
> > >
> > >
> > >
> > >
> > >
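
The inbound check discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model (not IOS code) of a crypto ACL evaluated as written for outbound traffic and mirrored for inbound traffic. The addresses, the ACL contents and the first-match/implicit-deny behaviour are assumptions of the model.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
EIGRP, OSPF, TCP = 88, 89, 6     # IP protocol numbers
IP = None                        # the "ip" keyword: matches every protocol

def entry(action, proto, src, dst):
    return (action, proto, ip_network(src), ip_network(dst))

def first_match(acl, proto, src, dst):
    """Action of the first entry matching the flow (assumed first-match)."""
    for action, e_proto, e_src, e_dst in acl:
        if (e_proto in (IP, proto) and ip_address(src) in e_src
                and ip_address(dst) in e_dst):
            return action
    return "deny"                # assumed implicit deny: not selected for IPSec

def outbound(acl, proto, src, dst):
    """Crypto ACL applied as written to traffic leaving the router."""
    return "encrypt" if first_match(acl, proto, src, dst) == "permit" else "send-clear"

def inbound(acl, proto, src, dst, protected):
    """Same ACL, mirrored: packet destination vs. entry source and vice versa."""
    selected = first_match(acl, proto, dst, src) == "permit"
    if not selected:
        return "bypass"          # IPSec does not claim this packet
    return "decrypt" if protected else "drop"

# Constructed sample ACLs (addresses are illustrative).
PERMIT_ALL = [entry("permit", IP, ANY, ANY)]
SITE_A = [entry("deny", EIGRP, ANY, ANY),                     # keep hellos out of IPSec
          entry("permit", IP, "10.1.1.0/24", "10.2.2.0/24")]
SITE_B_NARROW = [entry("permit", IP, "10.2.2.0/24", "10.1.1.0/25")]  # not a mirror of SITE_A

def reply_fate(acl_a, acl_b, host_a, host_b):
    """Fate at A of B's reply to host_a, given each side's crypto ACL."""
    protected = outbound(acl_b, TCP, host_b, host_a) == "encrypt"
    return inbound(acl_a, TCP, host_b, host_a, protected)

if __name__ == "__main__":
    # Unprotected OSPF hello to 224.0.0.5 arriving at a router with "permit ip any any"
    print(inbound(PERMIT_ALL, OSPF, "192.168.1.2", "224.0.0.5", protected=False))
    # EIGRP hello with "deny eigrp any any" placed first in the crypto ACL
    print(inbound(SITE_A, EIGRP, "192.168.1.2", "224.0.0.10", protected=False))
    # Reply from a peer whose ACL is not the mirror image of the local one
    print(reply_fate(SITE_A, SITE_B_NARROW, "10.1.1.200", "10.2.2.5"))
```
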



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:54 GMT-3