Hi Folks,

This task asks me/us to configure a GETVPN over a DMVPN; the GETVPN is performing the encryption instead of the tunnel protection normally configured with DMVPN. One of the task requirements states "Use the default ISAKMP policies on the Group Members". In 12.4(15)T the only ISAKMP default policy for IKE uses RSA authentication.

In the solution guide for this task, a preshared key is provisioned on each GM and mapped to the KS IP address, a wildcard PSK is configured on the KS, and an ISAKMP policy is defined on the KS. No ISAKMP policy is defined on the GMs (which aligns with the task requirements). When I deploy the solution per the solution guide I cannot establish an ISAKMP SA between the KS and the GMs, since the default ISAKMP policy on the GMs authenticates via RSA signature.

Since the solution guide configures a PSK on the KS and GMs, I think this implies PSK authentication should work. Does anyone know where I'm going wrong on this task? All I can think of is that maybe some other IOS versions include a default ISAKMP policy that uses PSK authentication?

Thanks. Sorry for the long-winded question.

Jerome
