Unanswered Question
May 6th, 2008

I am just starting to configure GETVPN in the lab before puting it in production and I am having a lot of issues. Hope I can get some help here :

1) "sh crypto iskmp sa" display the tunnels for about 10 minute and after that we don't any ipsec tunnel. Put sniffer and still seeing that the traffic is encrypted ...

2) When trying a multicast application "whiteboard, got it from Internet", it work for a minute and after that stop working .....

I am just questioning my self now if it is the right thing to go with GETVPN instead of DMVPN.....

Opened a TAC and still they haven"t resolved these issues.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ramiro.espinoza... Wed, 05/07/2008 - 05:53

well acording to the guy from TAC GETVPN doesnt support NAT, i didnt see that on the documentation so im sticking with dmvpn for now

dsandre-toh Thu, 05/27/2010 - 10:53

to question #1:

sh cry isa sa - shows only the SAs for ike phase1, not for traffic encryption

sh cry ips sa - will show u what traffic is being encrypted - that's why with sniffer you still see traffic encrypted.

see: getvpn design & impl'n guide section; 5.3.2 verifying gm operation


This Discussion