From: John Gibson (johngibson1541@yahoo.com)
Date: Tue Jul 10 2007 - 10:23:15 ART
I am doing ISAKMP by myself.
I just hate to get the RS CCIE # before I use
ISAKMP to do some work.
Don't know why my psyche works this way. Oh yes I do.
John
--- Nick Payton <cisco@paytonsplace.net> wrote:
> Was that with the 'update-source' command configured
> on your peering
> statement which then allows you to specify which
> interface will send BGP
> updates? A tricky way to specify it in a CCIE lab
> would be to require the
> peering happen over IPSec LAN-to-LAN tunnel and
> "Encrypt all BGP traffic and
> the peering must happen over the loopbacks and the
> loopbacks are the IPSec
> peering points" If you get this on the CCIE routing
> and switching make sure
> to go ask the proctor if you are taking the right
> lab because it might be
> the Security lab. I can't imagine them doing
> anything harder than a vanilla
> site to site IPSec tunnel on the R/S lab.....but ya
> never know. =)
>
> -----Original Message-----
> From: John Gibson [mailto:johngibson1541@yahoo.com]
> Sent: Monday, July 09, 2007 6:55 PM
> To: cisco@paytonsplace.net
> Subject: RE: Going for R/S in 20 days, studying
> ISAKMP
>
> Yea, I had to find the exact the outgoing interface
> to add to the "peer A.B.C.D" command.
>
> I added the peer's loopback address and the peer
> doesn't use the loopback address to negotiate.
>
> My fix is to find the exact outgoing interface and
> add them to both "peer A.B.C.D".
>
>
> John
> --- Nick Payton <cisco@paytonsplace.net> wrote:
>
> > Was the issue finding the 'crypto map yourmaphere
> > local-address loopback0'
> > out of curiosity?
> >
> > Regards,
> > Nick
> > CCIE #13356
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of John
> > Gibson
> > Sent: Monday, July 09, 2007 1:37 PM
> > To: Narbik Kocharians
> > Cc: ccielab@groupstudy.com
> > Subject: Re: Going for R/S in 20 days, studying
> > ISAKMP
> >
> > I fixed my IPSec any ways. Now cranking out
> > BGP aggregate routes.
> >
> > I am so surprised that locally generated BGP
> > networks can be aggregated locally and sent out.
> > Used to think only learned routes can be
> aggregated
> > like that.
> >
> > If I get CCIE # this round, I must be the least
> > qualified CCIE. Or maybe not, this is just minor
> > detail.
> >
> > John
> >
> >
> > --- Narbik Kocharians <narbikk@gmail.com> wrote:
> >
> > > ISAKMP is NOT part of R&S track.
> > >
> > > On 7/9/07, johngibson1541@yahoo.com
> > > <johngibson1541@yahoo.com> wrote:
> > > >
> > > > Have to go back to the right track soon. I set
> > > myself up in my lab for
> > > > loopback to loopback communication requiring
> > IPSec
> > > earlier. Now running
> > > > loopback to loopback TCP connection for eBGP.
> > > Stuck here a day
> > > > troubleshooting
> > > > ISAKMP. My spirit is deteriorating.
> > > >
> > > >
> > >
> >
>
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART