and dont forget if you want configure ASA using aggressive mode then you use hostname in your tunnel group i.e tunnel group cisco type ipsec-l2l this will automatically make use of aggresive mode you only need to specify your peer with name command..... i.e name cisco 192.168.10.1
________________________________ From: Kamran Shakil <[email protected]> To: Kingsley Charles <[email protected]> Cc: [email protected] Sent: Tue, December 7, 2010 6:18:17 PM Subject: Re: [OSL | CCIE_Security] GETVPN and DMVPN ...( Need clarification only) great !!! :) thanks mate. well, last query.... : " is it possible that in the configuration we can force phase i sa to be aggressive rather than main mode .??? " i do not see any clue or command to forcefully engage Aggressive mode in ike phase 1 ...... , i know that aggressive mode has 3 msgs and main mode has 6 msg exchanges, yet do not see any command where i can do a selection among the phase i modes of negotiation ?????? regards, Kamran Shakil ITA NDC Operations Engineer MidEast Data Systems LLC Oman Cell: + 968 95804126 Office: + 968 24576640 http://www.mynameise.com/kamranshakil77 Confidentiality Warning: "This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system." -----Original Message----- From: Kingsley Charles [mailto:[email protected]] Sent: Tue 12/7/2010 8:56 PM To: Kamran Shakil Cc: [email protected] Subject: Re: [OSL | CCIE_Security] GETVPN and DMVPN ...( Need clarification only) Comments inline. With regards Kings On Tue, Dec 7, 2010 at 10:09 PM, Kamran Shakil <[email protected]>wrote: > hi all, > > i have some practice labs and just fnished sections of ASA and IOS FW. > > Now moved to VPN...well i had 2 simple queries ... > > > 1> does DMVPN works only on routers ??? " i see no lab involving asa > firewalls for dmvpn.... " > If you are talking DMVPN using NHRP, then it is supported on IOS only. > > 2> does getvpn works only on routers???? " for this also , i do not find > any lab on ine or ccbootcamp or on cisco website documentation" > Works on IOS only. > Need expert advice, plz... my lab is in first week of march 2011 > > regards, > > Kamran Shakil > ITA NDC Operations Engineer > MidEast Data Systems LLC Oman > Cell: + 968 95804126 > Office: + 968 24576640 > http://www.mynameise.com/kamranshakil77 > > Confidentiality Warning: > "This message and any attachments are intended only for the use of the > intended recipient(s), are confidential, and may be privileged. If you are > not the intended recipient, you are hereby notified that any review, > retransmission, conversion to hard copy, copying, circulation or other use > of all or any portion of this message and any attachments is strictly > prohibited. If you are not the intended recipient, please notify the sender > immediately by return e-mail, and delete this message and any attachments > from your system." > > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
