Simon,

This ACL is used for rekeying, as you mentioned. This means that you specify a KS and the multicast group which you want to use for this purpose. There is no default multicast group address used, as far as I remember, so you have to specify it here.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

On Thu, Mar 18, 2010 at 11:11 AM, Simon Baumann <[email protected]> wrote:
>
> Hi,
> if I understand the GETVPN concept correctly, the default rekey method is
> multicast and you have to define an ACL for the rekey configuration. The
> documentation has this example:
>
> Example:
> Router(config)# access-list 121 permit udp host 10.0.5.2 eq 848 host 239.0.1.2 eq 848
>
> So in this case, the KS would be 10.0.5.2 and 239.0.1.2 is the multicast
> address used for GETVPN. I'm unsure why we have to define this? What would
> happen if we configured this ACL with "permit ip any any"?
>
> Cheers
> Simon
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
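To put the rekey ACL in context, here is a minimal GETVPN key server and group member configuration built around the ACL from Simon's question. This is an added example, not configuration from the thread or from IPexpert: the group name, identity number, RSA key label, transform set, IPsec profile, crypto ACL name and prefixes, and interface names are all assumptions chosen for illustration; only the rekey ACL itself (KS 10.0.5.2, group 239.0.1.2, UDP 848) comes from the thread.

```text
! ===== Key server (KS) at 10.0.5.2 =====
!
! Rekey ACL from the thread: rekey messages are sourced from the KS
! (10.0.5.2, UDP 848) and sent to the multicast group 239.0.1.2 (UDP 848).
access-list 121 permit udp host 10.0.5.2 eq 848 host 239.0.1.2 eq 848
!
! Traffic the group members will encrypt (assumed ACL name and prefixes)
ip access-list extended GETVPN-CRYPTO
 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec profile GETVPN-PROFILE
 set transform-set GETVPN-TS
!
! Assumed group name, identity number and RSA key label. The RSA key
! must already exist (crypto key generate rsa label GETVPN-REKEY ...).
crypto gdoi group GETVPN
 identity number 1234
 server local
  ! Multicast is the default rekey transport; the ACL tells the KS which
  ! source address and multicast group to use for the rekey messages.
  rekey address ipv4 121
  ! Rekey messages are signed with this key so GMs can verify them.
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey retransmit 10 number 2
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-CRYPTO
  address ipv4 10.0.5.2
!
! Multicast routing so the rekey can actually reach the GMs (assumed interface)
ip multicast-routing
interface GigabitEthernet0/0
 ip address 10.0.5.2 255.255.255.0
 ip pim sparse-mode
!
! ===== Group member (GM) =====
!
crypto gdoi group GETVPN
 identity number 1234
 server address ipv4 10.0.5.2
!
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN
!
! The GM must join the rekey multicast group on the interface facing the
! KS, otherwise it never receives the multicast rekey and falls back to
! re-registering when its keys expire (assumed interface).
interface GigabitEthernet0/0
 ip pim sparse-mode
 ip igmp join-group 239.0.1.2
 crypto map GETVPN-MAP
```

The pieces that have to agree are the KS address in the ACL and under `address ipv4`, the multicast group in the ACL and in the GM's `ip igmp join-group`, and the RSA key referenced by `rekey authentication`, since the GMs verify rekey messages against that key rather than trusting whatever arrives on UDP 848.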
