The more specific need to be configured first.

Regards,

Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: [email protected]

Join our free online support and peer group communities:
http://www.IPexpert.com/communities

IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab Certifications.

-----Original Message-----
From: Simon Baumann [mailto:[email protected]]
Sent: Tuesday, October 06, 2009 2:21 PM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] VPN troubleshooting strategy.

Ok. If I would have a "cry isak key cisco1 address 1.1.1.1", "cry isak key cisco2 address 2.2.2.2", "cry isak key cisco address 0.0.0.0" and the less specific key is used for the DMVPN, how would IOS handle the ISAKMP keys? Do the specific keys need to be configured before the "general" key to be used?

Cheers
Simon

On 03.10.2009 at 22:22, Tyson Scott wrote:

> Yep.
>
> Regards,
>
> Tyson Scott
>
> -----Original Message-----
> From: Simon Baumann [mailto:[email protected]]
> Sent: Saturday, October 03, 2009 4:12 PM
> To: Tyson Scott
> Cc: <[email protected]>
> Subject: Re: [OSL | CCIE_Security] VPN troubleshooting strategy.
>
> Hi Tyson,
> Thanks for your answer. So, you would troubleshoot each VPN technology separately?
>
> Cheers
> Simon
>
> Sent from my iPhone
>
> On 03.10.2009 at 21:57, "Tyson Scott" <[email protected]> wrote:
>
>> Simon,
>>
>> The first thing to begin with when setting up DMVPN is to not apply any encryption until you have everything working. After you are able to communicate from hub to spokes and spokes to spokes then apply the crypto configuration. By following this process you are then able to determine quickly whether the problem is with crypto configuration or the Tunnel setup.
>>
>> With GetVPN first making sure that you have full connectivity and then setting up the group members. I haven't finished the troubleshooting section for Lab4 yet so I will hopefully have better advice after finishing it.
>>
>> Regards,
>>
>> Tyson Scott
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of Simon Baumann
>> Sent: Saturday, October 03, 2009 12:36 PM
>> To: [email protected]
>> Subject: [OSL | CCIE_Security] VPN troubleshooting strategy.
>>
>> Hi,
>> I wonder which strategy is most useful to troubleshoot VPN configurations. Let's assume I got a VPN with three routers, one is the GETVPN and DMVPN server, two spokes.
>>
>> My strategy would be:
>> - check reachability
>> - check ISAKMP settings: PSKs, policies
>> - check transform sets
>> - check RSA key
>> - check ACL
>> - check tunnel interfaces, NHRP and so on
>> - check routing protocol
>> - check....<tobecontinued>
>>
>> How would you begin?
>>
>> Cheers
>> Simon
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
