Ah, ok. So, you would recommend always configuring the more specific, followed by the "general"?

Cheers
Simon

On 06.10.2009 at 20:28, Tyson Scott wrote:

> The more specific need to be configured first.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S and Security
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Cell: +1.248.504.7309
> Fax: +1.810.454.0130
> Mailto: [email protected]
>
> Join our free online support and peer group communities:
> http://www.IPexpert.com/communities
>
> IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
> and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
> Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage
> Lab Certifications.
>
> -----Original Message-----
> From: Simon Baumann [mailto:[email protected]]
> Sent: Tuesday, October 06, 2009 2:21 PM
> To: Tyson Scott
> Cc: [email protected]
> Subject: Re: [OSL | CCIE_Security] VPN troubleshooting strategy.
>
> Ok. If I would have a "cry isak key cisco1 address 1.1.1.1", "cry
> isak key cisco2 address 2.2.2.2", "cry isak key cisco address 0.0.0.0"
> and the less specific key is used for the DMVPN, how would IOS handle the
> ISAKMP keys? Do the specific keys need to be configured before the
> "general" key to be used?
>
> Cheers
> Simon
>
> On 03.10.2009 at 22:22, Tyson Scott wrote:
>
>> Yep.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S and Security
>> Technical Instructor - IPexpert, Inc.
>>
>> -----Original Message-----
>> From: Simon Baumann [mailto:[email protected]]
>> Sent: Saturday, October 03, 2009 4:12 PM
>> To: Tyson Scott
>> Cc: <[email protected]>
>> Subject: Re: [OSL | CCIE_Security] VPN troubleshooting strategy.
>>
>> Hi Tyson,
>> Thanks for your answer. So, you would troubleshoot each VPN technology
>> separate?
>>
>> Cheers
>> Simon
>>
>> Sent from my iPhone
>>
>> On 03.10.2009 at 21:57, "Tyson Scott" <[email protected]> wrote:
>>
>>> Simon,
>>>
>>> The first thing to begin with when setting up DMVPN is to not apply any
>>> encryption until you have everything working. After you are able to
>>> communicate from hub to spokes and spokes to spokes then apply the crypto
>>> configuration. By following this process you are then able to determine
>>> quickly whether the problem is with crypto configuration or the Tunnel
>>> setup.
>>>
>>> With GetVPN first making sure that you have full connectivity and then
>>> setting up the group members. I haven't finished the troubleshooting
>>> section for Lab4 yet so I will hopefully have better advice after finishing
>>> it.
>>>
>>> Regards,
>>>
>>> Tyson Scott - CCIE #13513 R&S and Security
>>> Technical Instructor - IPexpert, Inc.
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Simon Baumann
>>> Sent: Saturday, October 03, 2009 12:36 PM
>>> To: [email protected]
>>> Subject: [OSL | CCIE_Security] VPN troubleshooting strategy.
>>>
>>> Hi,
>>> I wonder which strategy is most useful to troubleshoot VPN
>>> configurations. Let's assume I got a VPN with three routers, one is
>>> the GETVPN and DMVPN server, two spokes.
>>>
>>> My strategy would be:
>>> - check reachability
>>> - check ISAKMP settings: PSKs, policies
>>> - check transform sets
>>> - check RSA key
>>> - check ACL
>>> - check tunnel interfaces, NHRP and so on
>>> - check routing protocol
>>> - check....<tobecontinued>
>>>
>>> How would you begin?
>>>
>>> Cheers
>>> Simon
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
