Hello All,
So this is something fun, check this out:
Router 1 (Hub) 172.1.0.1
|
172.1.0.2 |
Router2 (Spoke ASA
|
|
IPS
|
Router6
172.1.0.4 |
Router4(Spoke) |
So I was playing around and said, hey, in Phase 2 it requires the spokes to
create on-demand tunnels without having to pass across the hub, right? So, I am
going to play mean and won't let the ASA pass that traffic. Then, I tried to
ping from Router 2 to the protected network on Router 4 and it worked..... I was
like .... well, this is a bitter disappointment. However, it did try to build
the tunnel; it didn't care, but instead I am assuming that it went to the hub
and relayed the traffic there. Here are the outputs:
Router2
44.0.0.0/24 is subnetted, 1 subnets
D 44.44.44.0 [90/28288000] via 172.1.0.4, 00:01:40, Tunnel0
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.3.11 192.168.4.11 QM_IDLE 2002 ACTIVE
192.168.64.4 192.168.4.11 MM_NO_STATE 0 ACTIVE <---------------
This is in case you guys have any comments or can explain it better, cuz this
clearly kills my theory of how this works... :P
Cheers,
Mike