Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

GETVPN

I am just starting to configure GETVPN in the lab before puting it in production and I am having a lot of issues. Hope I can get some help here :

1) "sh crypto iskmp sa" display the tunnels for about 10 minute and after that we don't any ipsec tunnel. Put sniffer and still seeing that the traffic is encrypted ...

2) When trying a multicast application "whiteboard, got it from Internet", it work for a minute and after that stop working .....

I am just questioning my self now if it is the right thing to go with GETVPN instead of DMVPN.....

Opened a TAC and still they haven"t resolved these issues.

Thanks

4 REPLIES
Community Member

Re: GETVPN

well acording to the guy from TAC GETVPN doesnt support NAT, i didnt see that on the documentation so im sticking with dmvpn for now

Community Member

Re: GETVPN

anybody can help me with the getvpn configuration i have made on my 1841 routers in a lan environment. It is not working with the attached configurations.

Community Member

Re: GETVPN

to question #1:

sh cry isa sa - shows only the SAs for ike phase1, not for traffic encryption

sh cry ips sa - will show u what traffic is being encrypted - that's why with sniffer you still see traffic encrypted.

see: getvpn design & impl'n guide section; 5.3.2 verifying gm operation

Re: GETVPN

Section 3.6.2 of the GETVPN design guide covers the reasoning behind shortened ISAKMP lifetime value on the GM.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf

277
Views
0
Helpful
4
Replies
CreatePlease to create content