sure, that is why it is always good to test when you have a question. You will learn more than if we just give the answer.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Bruno [mailto:[email protected]] Sent: Friday, August 05, 2011 1:00 PM To: Tyson Scott Cc: CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] OEQ - Yusuf - NAT-t again NAT-t works on aggressive mode when used with IKE_ID only and PSK. Otherwise, main mode has to be used. Does this make sense? On Fri, Aug 5, 2011 at 1:08 PM, Bruno <[email protected]> wrote: Aggressive is used by cisco vpn client, which by default uses aggressive mode with PSK, it usually finds some NATs in path. But, good point, I never paid attention in which mode it was being negotiated I will do it in a min On Fri, Aug 5, 2011 at 12:56 PM, Tyson Scott <[email protected]> wrote: test it out Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 <tel:%2B1.810.326.1444%2C%20ext.%20208> Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 <tel:%2B1.810.454.0130> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Bruno Sent: Friday, August 05, 2011 11:15 AM To: CCIE Security Maillist Subject: [OSL | CCIE_Security] OEQ - Yusuf - NAT-t again Question: Which IKE mode detects NAT support and NAT existence along the network path in VPN deployment? Correct Answer: IKE phase 1 (Main mode) Your Answer: IKE phase 1 (Main mode/Aggressive mode) Why only main mode? I thought both modes suppots and detects NAT. -- Bruno Fagioli Cisco Security Professional -- Bruno Fagioli Cisco Security Professional -- Bruno Fagioli Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
