12-19-2008 11:00 AM - edited 03-04-2019 12:46 AM
What is the IP protocol number/ID for NHRP? I have checked RFC 2332; it did not mention anything about it.
Thanks,
12-19-2008 11:04 AM
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation. HTH
12-19-2008 11:10 AM
Thanks for the quick reply.
I am using mGRE/DMVPN on a router with a FW in front of it. Will NHRP be encapsulated in GRE? Do I have to configure the FW to allow IP protocol number 47 (GRE) to permit NHRP?
12-19-2008 11:30 AM
Hi,
Please refer to the URL below for DMVPN behind a firewall.
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html
Headend or Branch
Depending on the crypto and DMVPN headend or branch placements, the following protocols and ports are required to be allowed:
• UDP Port 500-ISAKMP as source and destination
• UDP Port 4500-NAT-T as a destination
• IP Protocol 50-ESP
• IP Protocol 51-AH (if AH is implemented)
• IP Protocol 47-GRE
Regards,
Arul
*Pls rate if it helps*
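
As an added example (not part of the original posts or the Cisco document): a small Python check that audits an ordered, first-match firewall rule list against the protocols and ports listed in the reply above. The `Rule`/`Flow` model and the sample ACL are constructed for illustration; which entries actually apply depends on the crypto and DMVPN placement, as the reply notes.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):            # hypothetical rule model, not a vendor format
    action: str                    # "permit" or "deny"
    proto: Optional[int]           # IP protocol number, None = any
    sport: Optional[int] = None    # UDP source port, None = any
    dport: Optional[int] = None    # UDP destination port, None = any

class Flow(NamedTuple):
    name: str
    proto: int
    sport: Optional[int] = None    # None = the flow may use any port
    dport: Optional[int] = None

# Flows from the list in the reply above (17 is the IP protocol number for UDP).
REQUIRED = [
    Flow("ISAKMP", 17, sport=500, dport=500),
    Flow("NAT-T", 17, dport=4500),
    Flow("ESP", 50),
    Flow("GRE", 47),
]
AH = Flow("AH", 51)                # only needed if AH is implemented

def _covers(rule_val, flow_val):   # rule matches every packet of the flow
    return rule_val is None or rule_val == flow_val

def _overlaps(rule_val, flow_val): # rule matches at least some packets of the flow
    return rule_val is None or flow_val is None or rule_val == flow_val

def verdict(acl, flow):
    """First-match evaluation; a flow counts as permitted only if fully covered."""
    for r in acl:
        pairs = [(r.proto, flow.proto), (r.sport, flow.sport), (r.dport, flow.dport)]
        if r.action == "permit" and all(_covers(a, b) for a, b in pairs):
            return "permitted"
        if r.action == "deny" and all(_overlaps(a, b) for a, b in pairs):
            return "blocked"       # an earlier deny shadows any later permit
    return "blocked"               # implicit deny at the end of the list

def audit(acl, use_ah=False):
    """Return the names of required flows the rule list does not let through."""
    flows = REQUIRED + ([AH] if use_ah else [])
    return [f.name for f in flows if verdict(acl, f) != "permitted"]

# Constructed sample ACL: IPsec is allowed, GRE was forgotten.
SAMPLE_ACL = [
    Rule("permit", 17, 500, 500),
    Rule("permit", 17, None, 4500),
    Rule("permit", 50),
    Rule("deny", None),
]

if __name__ == "__main__":
    print("blocked flows:", audit(SAMPLE_ACL, use_ah=True))
```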