Hey, Nahh, its alright... probably Ill track down his devices and take a look... I will report back what I find... :D
Mike. Subject: Re: [OSL | CCIE_Security] DMVPN Hub with EZVPN server From: [email protected] Date: Mon, 13 Aug 2012 01:29:03 -0300 CC: [email protected] To: [email protected] Yes Mike, You are right...I`m sorry, I forgot you were talking about EZVPN instead of GET...Well, can your friend provide the configuration because that would be one of those strange IT mysteries...don`t you think? LOL br,Bruno Silva. Em 13/08/2012, às 01:17, Mike Rojas <[email protected]> escreveu:Bruno, Aha! Yes but that is for DMVPN and GET, that for sure can be an issue, but EZVPN? Since it does not use the Global PSK, then it shouldnt be an issue configured with DMVPN.... My thinking is yes, you can use a keyring to force compliance, but is not a requirement. Mike. Subject: Re: [OSL | CCIE_Security] DMVPN Hub with EZVPN server From: [email protected] Date: Mon, 13 Aug 2012 01:14:08 -0300 CC: [email protected] To: [email protected] I guess that depends... For example, if you have 1 dmvpn and 1 getvpn, the global pre-shared key can be a problem if you use a 0.0.0.0 mask for the group members...Or am I wrong? Em 13/08/2012, às 01:10, Mike Rojas <[email protected]> escreveu:Hey Bruno, Mmmm, mine didnt have it... and for what I understand, the client will present the group as the ID... then, the information about the PSK is going to be retrieved from the isakmp configuration group. Global pre-shared should not mess up with the group pre-shared key for PSK. Annnnyways, feel free to let me know if I am missing concepts. Mike. Subject: Re: [OSL | CCIE_Security] DMVPN Hub with EZVPN server From: [email protected] Date: Mon, 13 Aug 2012 01:05:13 -0300 CC: [email protected] To: [email protected] Hi Mike, When I configured the dmvpn transform-set I forgot to use the mode transport in the transform-set and when I configured it the other VPNs just stopped working. With your friend, I believe he was using the isakmp profile and for that I believe the keyring is necessary if you are using profiles to configure your tunnel...BRBruno Silva. Em 13/08/2012, às 00:57, Mike Rojas <[email protected]> escreveu:Hi, Were you using DVTI? I tried to break it...and I tried hard... couldnt make it not work. My study partner said that he was having issues with phase one. Seems like yours was on Phase 2. How did you go around it? Mike. Subject: Re: [OSL | CCIE_Security] DMVPN Hub with EZVPN server From: [email protected] Date: Mon, 13 Aug 2012 00:43:16 -0300 CC: [email protected] To: [email protected] Hi Mike, Actually I was studying the same thing and I had some problems when it comes to the transform-set. The DMVPN transform set is specific to be used with it and because of that the other VPNs that where configured using that transform set weren`t working... BR,Bruno Silva. Em 13/08/2012, às 00:20, Mike Rojas <[email protected]> escreveu:Hello All, I was studying normal like any other Sunday with a bright afernoon, all sunny and windy... and I got asked by one of the guys that I work with (that is also studying) if I had ever encountered a problem with EZVPN server when configured on a DMVPN hub. I try to do some memory however, I dont recall having any issues. He stated that he had to create a keyring, insert it on a DMVPN Isakmp profile to make it work. I had a setup similar but my DMVPN had Certificates, I changed to pre-shared keys, nothing, moved the Isakmp policies and so on, Nothing. I couldnt make it not work... Everything was working fine.... So, my question to you guys... have you ever encountered that problem? Mike. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
