hey team - in one of the solution guides (lab 17), i saw mention of the *ipsec-msft *inspection (*match protocol ipsec-msft*). i believe that doesn't apply in the case of normal site to site and VPN traffic over ESP and we have to "pass" ESP regardless (and consequently plan for it's return with a mirror policy).
i first thought this is for UDP 1701 which is the encapsulation for L2TP/IPsec. is it for L2TP/IPsec, or for standard NAT-T on UDP 4500, or what? am i also correct in my understanding that things like ESP (*match protocol ipsec*), while may be possible to inspect on high-end routers like a 7600, is not capable on the ISRs in the lab blueprint? looking here... : http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1057374 thanks! andrew
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
