Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7868
Views
0
Helpful
3
Replies

what is the ip protocol number/id for NHRP

yuhuiyao
Level 1
Level 1

‎12-19-2008 11:00 AM - edited ‎03-04-2019 12:46 AM

what is the ip protocol number/id for NHRP? I have checked RFC 2332, it did not mention any thing about it.

Thanks,

Labels:
0 Helpful
3 Replies 3

sdoremus33
Level 3
Level 3

‎12-19-2008 11:04 AM

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation. HTH

0 Helpful

yuhuiyao
Level 1
Level 1
In response to sdoremus33

‎12-19-2008 11:10 AM

Thanks for the quick reply.

I am using mGRE/DMVPN on a router with a FW in front of it. Will NHRP be encapsulated in GRE? Do I have to configure the FW to allow ip protocol number 47 (GRE) to permit NHRP?

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to yuhuiyao

‎12-19-2008 11:30 AM

Hi,

Please refer the below URL for DMVPN behind a Firewall.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html

Headend or Branch

Depending on the crypto and DMVPN headend or branch placements, the following protocols and ports are required to be allowed:

•UDP Port 500-ISAKMP as source and destination

•UDP Port 4500-NAT-T as a destination

•IP Protocol 50-ESP

•IP Protocol 51-AH (if AH is implemented)

•IP Protocol 47-GRE

Regards,

Arul

*Pls rate if it helps*

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card