Re: Going for R/S in 20 days, studying ISAKMP

From: Greg Wendel (gwendel@gmail.com)
Date: Tue Jul 10 2007 - 11:56:00 ART

• Next message: Sean.Zimmerman@clubcorp.com: "Re: CCIE #18411"
• Previous message: Sean C: "Re: do not send Eigrp Hello on interfaces"
• Maybe in reply to: johngibson1541@yahoo.com: "Going for R/S in 20 days, studying ISAKMP"
• Next in thread: Antonio Soares: "RE: Going for R/S in 20 days, studying ISAKMP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If you really want to learn ISAKMP, IPSEC etc I would suggest you setup a
DMVPN or GET lab. These technologies have given me a much better
understanding of crypto.

On 7/10/07, John Gibson <johngibson1541@yahoo.com> wrote:
>
> I am doing ISAKMP by myself.
>
> I just hate to get the RS CCIE # before I use
> ISAKMP to do some work.
>
> Don't know why my psyche works this way. Oh yes I do.
>
> John
>
>
> --- Nick Payton <cisco@paytonsplace.net> wrote:
>
> > Was that with the 'update-source' command configured
> > on your peering
> > statement which then allows you to specify which
> > interface will send BGP
> > updates? A tricky way to specify it in a CCIE lab
> > would be to require the
> > peering happen over IPSec LAN-to-LAN tunnel and
> > "Encrypt all BGP traffic and
> > the peering must happen over the loopbacks and the
> > loopbacks are the IPSec
> > peering points" If you get this on the CCIE routing
> > and switching make sure
> > to go ask the proctor if you are taking the right
> > lab because it might be
> > the Security lab. I can't imagine them doing
> > anything harder than a vanilla
> > site to site IPSec tunnel on the R/S lab.....but ya
> > never know. =)
> >
> > -----Original Message-----
> > From: John Gibson [mailto:johngibson1541@yahoo.com]
> > Sent: Monday, July 09, 2007 6:55 PM
> > To: cisco@paytonsplace.net
> > Subject: RE: Going for R/S in 20 days, studying
> > ISAKMP
> >
> > Yea, I had to find the exact the outgoing interface
> > to add to the "peer A.B.C.D" command.
> >
> > I added the peer's loopback address and the peer
> > doesn't use the loopback address to negotiate.
> >
> > My fix is to find the exact outgoing interface and
> > add them to both "peer A.B.C.D".
> >
> >
> > John
> > --- Nick Payton <cisco@paytonsplace.net> wrote:
> >
> > > Was the issue finding the 'crypto map yourmaphere
> > > local-address loopback0'
> > > out of curiosity?
> > >
> > > Regards,
> > > Nick
> > > CCIE #13356
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com] On Behalf Of John
> > > Gibson
> > > Sent: Monday, July 09, 2007 1:37 PM
> > > To: Narbik Kocharians
> > > Cc: ccielab@groupstudy.com
> > > Subject: Re: Going for R/S in 20 days, studying
> > > ISAKMP
> > >
> > > I fixed my IPSec any ways. Now cranking out
> > > BGP aggregate routes.
> > >
> > > I am so surprised that locally generated BGP
> > > networks can be aggregated locally and sent out.
> > > Used to think only learned routes can be
> > aggregated
> > > like that.
> > >
> > > If I get CCIE # this round, I must be the least
> > > qualified CCIE. Or maybe not, this is just minor
> > > detail.
> > >
> > > John
> > >
> > >
> > > --- Narbik Kocharians <narbikk@gmail.com> wrote:
> > >
> > > > ISAKMP is NOT part of R&S track.
> > > >
> > > > On 7/9/07, johngibson1541@yahoo.com
> > > > <johngibson1541@yahoo.com> wrote:
> > > > >
> > > > > Have to go back to the right track soon. I set
> > > > myself up in my lab for
> > > > > loopback to loopback communication requiring
> > > IPSec
> > > > earlier. Now running
> > > > > loopback to loopback TCP connection for eBGP.
> > > > Stuck here a day
> > > > > troubleshooting
> > > > > ISAKMP. My spirit is deteriorating.
> > > > >
> > > > >
> > > >
> > >
> >
> _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Narbik Kocharians
> > > > CCIE# 12410 (R&S, SP, Security)
> > > > CCSI# 30832
> > > >
> > >
> > >
> > >
> > >
> > >
> >
>
> ____________________________________________________________________________
> > > ________
> > > Don't pick lemons.
> > > See all the new 2007 cars at Yahoo! Autos.
> > > http://autos.yahoo.com/new_cars.html
> > >
> > >
> >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> >
> >
> >
> >
> >
>
> ____________________________________________________________________________
> > ________
> > Park yourself in front of a world of choices in
> > alternative vehicles. Visit
> > the Yahoo! Auto Green Center.
> > http://autos.yahoo.com/green_center/
> >
> >
>
>
>
>
>
> ____________________________________________________________________________________
> Building a website is a piece of cake. Yahoo! Small Business gives you all
> the tools to get online.
> http://smallbusiness.yahoo.com/webhosting
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Gregory Wendel
Springfield VA, 22153

• Next message: Sean.Zimmerman@clubcorp.com: "Re: CCIE #18411"
• Previous message: Sean C: "Re: do not send Eigrp Hello on interfaces"
• Maybe in reply to: johngibson1541@yahoo.com: "Going for R/S in 20 days, studying ISAKMP"
• Next in thread: Antonio Soares: "RE: Going for R/S in 20 days, studying ISAKMP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART