what is the ip protocol number/id for NHRP

Unanswered Question
Dec 19th, 2008

what is the ip protocol number/id for NHRP? I have checked RFC 2332, it did not mention any thing about it.

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sdoremus33 Fri, 12/19/2008 - 11:04

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation. HTH

yuhuiyao Fri, 12/19/2008 - 11:10

Thanks for the quick reply.

I am using mGRE/DMVPN on a router with a FW in front of it. Will NHRP be encapsulated in GRE? Do I have to configure the FW to allow ip protocol number 47 (GRE) to permit NHRP?

ajagadee Fri, 12/19/2008 - 11:30

Hi,

Please refer the below URL for DMVPN behind a Firewall.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html

Headend or Branch

Depending on the crypto and DMVPN headend or branch placements, the following protocols and ports are required to be allowed:

•UDP Port 500-ISAKMP as source and destination

•UDP Port 4500-NAT-T as a destination

•IP Protocol 50-ESP

•IP Protocol 51-AH (if AH is implemented)

•IP Protocol 47-GRE

Regards,

Arul

*Pls rate if it helps*

Actions

This Discussion