Re: IPSec question

From: Sasa Milic (smilic@xxxxxxxx)
Date: Tue Mar 05 2002 - 21:53:45 GMT-3


   
I'm using a GRE tunnel between offices, EIGRP is running
over the tunnel, and IPSec encrypts everything in the tunnel.
That should work with OSPF, also.

Sasa
CCIE #8635

Sandro Ciffali wrote:
>
> I had the same problem working with eigrp and ipsec, I
> had to deny eigrp any any, here is the link which said
> to deny multicast with ipsec,
> Here it is, I don't know how new this link is, But it
> clearly says "Currently encryption of broadcast and
> multicast packet is not supported. If secure routing
> updates are important in the network design, a
> protocol with authentication built in should be used."
>
> Check at
> http://www.cisc.com/warp/public/707/13.html
>
> Sandro
>
> --- Shadi <ccie@investorsgrp.com> wrote:
> > Hi all,
> >
> > Does IPsec work with Multicasting? I was trying to
> > encrypt a link between
> > two routers having OSPF routing protocol between
> > them, they could not make
> > adjacency between them, and it says that IPsec is not
> > encrypting 224.0.0.5
> >
> > So is there any way to make IPSEC work with
> > Multicasting?
> >
> >
> > ----- Original Message -----
> > From: "Ahmed Mamoor Amimi" <mamoor@ieee.org>
> > To: "Lab Candidate" <labccie@yahoo.com>;
> > <ccielab@groupstudy.com>
> > Sent: Tuesday, March 05, 2002 7:19 AM
> > Subject: Re: IPSec question
> >
> >
> > > ur right ...
> > > that is the only access-list that u have to apply and IPSec will take care
> > > of the traffic that is returning or coming in to that
> > > match the access-list.... by saying MATCH the ACCESS-LIST means that IPSec
> > > will try to match the destination of the
> > > packet with the source of the access-list if they match and data unprotected
> > > then IPSec will drop the packet considering it
> > > as not from the same sender that I have sent to ....
> > > That is why CISCO recommends that when making access-list on both sides
> > > make sure that they are identical so both sides could send protected data.
> > >
> > > -Mamoor
> > >
> > >
> > > ----- Original Message -----
> > > From: Lab Candidate <labccie@yahoo.com>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Tuesday, March 05, 2002 9:58 AM
> > > Subject: IPSec question
> > >
> > >
> > > > IPSec inbound traffic is processed against the crypto map entries, if an unprotected packet
> > > > matches a permit entry in a particular access list associated with an IPSec crypto map entry, that
> > > > packet is dropped.
> > > > But on a second thought, the ACL is defined for outgoing traffic only, checking inbound traffic
> > > > against it is backwards. My question is does the IOS software reverse the ACL order while checking
> > > > on incoming traffic like it was going outbound? I don't believe that you need to define separate
> > > > lines in ACL for incoming traffic, only the lines pertaining to outbound traffic are used for
> > > > checkup. Please confirm my understanding. TIA...
> > > >
> > > > ---
> > > >
> > > >
> > > >
> > > >
> > > >



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:54 GMT-3