Re: IPSec question

From: Lab Candidate (labccie@xxxxxxxxx)
Date: Tue Mar 05 2002 - 05:58:34 GMT-3

• Next message: Stefano Andrello: "demand circuit"
• Previous message: Spoerr, Mathias: "AW: IPSec question"
• Maybe in reply to: Lab Candidate: "IPSec question"
• Next in thread: Aamir Waheed: "RE: IPSec question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
No, you can't. IPSec doesn't work with multicasting.

---
--- Shadi <ccie@investorsgrp.com> wrote:
> Hi all,
>
> Does IPsec work with Multicasting, I was trying to encrypte a link between
> two routers having OSPF routing protocol between them, they could not make
> adjancy between them, and it says that IPsec is not encryoting 224.0.0.5
>
> So is there any way to make IPSEC work with Multicasting?
>
>
> ----- Original Message -----
> From: "Ahmed Mamoor Amimi" <mamoor@ieee.org>
> To: "Lab Candidate" <labccie@yahoo.com>; <ccielab@groupstudy.com>
> Sent: Tuesday, March 05, 2002 7:19 AM
> Subject: Re: IPSec question
>
>
> > ur right ...
> > that is the only access-list that u have to apply and IPSec will take care
> > of the traffic that is returning or coming in to that
> > match the access-list.... by saying MATCH the ACCESS-LIST means that IPSec
> > will try to match the destination of the
> > packet with the source of the access-list if they match and data
> unprotected
> > then IPSec will drop the packet considering it
> > as not from the same sender that i have send to ....
> > That is way CISCO recommecdeds that when making access-list on both side
> > make sure that they are identical so both side could send protected data.
> >
> > -Mamoor
> >
> >
> > ----- Original Message -----
> > From: Lab Candidate <labccie@yahoo.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Tuesday, March 05, 2002 9:58 AM
> > Subject: IPSec question
> >
> >
> > > IPSec inbound traffic is processed against the crypto map entries, if an
> > unprotected packet
> > > matches a permit entry in a particular access list associated with an
> > IPSec crypto map entry, that
> > > packet is dropped.
> > > But on a second thought, the ACL is defined for outgoing traffic only,
> > checking inbound traffic
> > > against it is backwards. My question is does the IOS software reverse
> the
> > ACL order while checking
> > > on incoming traffic like it was going outbound? I don't believe that you
> > need to define separate
> > > lines in ACL for incoming traffic, only the lines pertaining to outbound
> > traffic are used for
> > > checkup. Please confirm my understanding. TIA...
> > >
> > > ---
> > >
> > >
> > >
> > >

• Next message: Stefano Andrello: "demand circuit"
• Previous message: Spoerr, Mathias: "AW: IPSec question"
• Maybe in reply to: Lab Candidate: "IPSec question"
• Next in thread: Aamir Waheed: "RE: IPSec question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:53 GMT-3