Chat 3 Part 1

17:43:30 From Santhosh : Rec permissionpls
17:43:52 From Abid : Recording Permission

17:44:00 From fahad : is there audio? i can't hear anything
17:44:12 From fahad : okie
17:44:14 From ahmedalrawi.a : yes
17:44:14 From fahad : yes
17:44:16 From Manik Sudhera : yes sir
17:44:16 From Rinchen : yes
17:44:17 From zaheer.jahangir : yes
17:44:18 From Abid : yes
17:44:29 From ishu Goyal : yes
17:46:16 From Manik Sudhera : nope
17:48:00 From Prash : Hi sir and everyone
17:48:05 From Prash : Rec permission pls
17:51:39 From omprakash : sir as pr the device - it should be ol
17:52:08 From omprakash : nly routrt or mix of router & firewall
17:53:10 From Santhosh : yes
17:53:21 From Oscar Ramirez : Can R1 be the key server for example?
17:54:22 From Oscar Ramirez : Thank you
17:56:03 From ahmedalrawi.a : no
17:56:04 From sinan.ali : no
17:56:06 From zaheer.jahangir : no
17:56:08 From Deeptiranjan : no
17:56:08 From sinan.ali : private
17:56:10 From Tariq : no
17:56:13 From Manik Sudhera : no
17:56:18 From sinan.ali : lan - to - lan
17:56:36 From Manik Sudhera : intranet
17:57:30 From fahad : no
17:57:34 From Manik Sudhera : yes
17:57:43 From Manik Sudhera : not secure
17:57:44 From zaheer.jahangir : by route-leaking they can get the packets
17:59:36 From sinan.ali : yes
18:00:37 From Shahab : yes
18:00:46 From Shahab : limited use cases
18:00:58 From sinan.ali : l3 vpn
18:01:16 From sinan.ali : SD-WAN
18:01:53 From omprakash : can the KS be used for other functonalities
18:02:18 From omprakash : ok
18:02:31 From omprakash : yes sir
18:03:39 From sinan.ali : YES
18:03:52 From Rinchen : key server
18:03:52 From sinan.ali : key server
18:03:53 From Tariq : ks
18:03:55 From Shahab : Key server
18:04:03 From Tariq : gm
18:05:17 From fahad : 2
18:05:18 From Rinchen : p I
18:05:18 From sinan.ali : phase 1
18:05:19 From Shahab : phase-1
18:05:22 From Raza Meer : 1
18:05:27 From Manik Sudhera : 1
18:06:20 From sinan.ali : session key
18:08:03 From ahmedalrawi.a : between GM
18:08:04 From Tariq : gm to gm
18:08:04 From sinan.ali : GM - MG
18:08:06 From Rinchen : betweeen the GM
18:09:01 From Raza Meer : yes
18:09:04 From Deeptiranjan : yes
18:09:08 From omprakash : yes
18:11:28 From omprakash : sir if there are two routers at each GM (HQ &
branch), can it be configured in HA
18:11:46 From omprakash : ok sir
18:17:30 From Deeptiranjan : yep
18:21:43 From Surya : routing
18:23:10 From Surya : yes
18:23:13 From Tariq : yes
18:23:16 From Surya : isakmp
18:23:17 From zaheer.jahangir : GDOI
18:23:17 From sinan.ali : GOTD
18:23:19 From Tariq : gdoi
18:23:22 From Surya : gdoi
18:23:23 From Tariq : 848
18:23:28 From Manik Sudhera : gdoi
18:27:24 From sinan.ali : 0.0.0.0 to 0.0.0.0
18:27:42 From sinan.ali : okay
18:27:56 From Surya : 10.1.0.0 to 10.1.0.0
18:28:53 From sinan.ali : ye
18:29:47 From Rinchen : no
18:29:53 From Manik Sudhera : same
18:29:54 From Shahab : just the acl
18:31:20 From Rinchen : ks
18:31:27 From Shahab : key server
18:31:35 From Manik Sudhera : ks
18:32:23 From Rinchen : can you repeat what the identity number is used for?
18:33:00 From Rinchen : with different ID#
18:33:05 From Rinchen : ok
18:34:51 From Oscar Ramirez : I guess the GM accesses the KS only when
establishing a session only, correct? Also, Does the KS pushes updates to the GMs
when they happen?
18:35:21 From Oscar Ramirez : ok sounds good
18:36:12 From Shahab : point to key server
18:37:15 From Rinchen : ts
18:37:21 From Deeptiranjan : transform set
18:37:22 From Rinchen : acl
18:37:29 From Deeptiranjan : ks
18:37:31 From Rinchen : ks
18:37:40 From Tariq : KS
18:39:16 From Shahab : Does the identity number has to match on R7 and other
routers?
18:39:42 From Shahab : got it
18:39:55 From zaheer.jahangir : will we not advertise the ipsec policy in
gdoi?
18:40:09 From zaheer.jahangir : phase 1 i meant
18:40:49 From zaheer.jahangir : yes sir
18:42:10 From Oscar Ramirez : yes thank you
18:42:13 From Rinchen : is it shared over phase I tunnel?
18:42:26 From zaheer.jahangir : updates
18:42:29 From Rinchen : sk ts and acl
18:44:43 From Rinchen : nope
18:45:32 From Raza Meer : no
18:45:40 From Rinchen : we haven't configured on r2 yet
18:45:43 From Raza Meer : need to apply the config on R2 as well
18:45:45 From sinan.ali : it is only encrypted now
18:45:57 From Shahab : no interesting traffic
18:46:10 From Shahab : ok
18:46:25 From sinan.ali : no decrypt
18:47:32 From Oscar Ramirez : push it to R2
18:47:51 From Shahab : KS
18:47:55 From Shahab : nope
18:51:07 From Abid : what is this GM version
18:51:26 From Abid : ok
18:51:35 From zaheer.jahangir : sir what is the practical use of it, as no one
would be having public LAN ip's
18:51:36 From Rinchen : I think he is asking about GM ver output on the screen
18:51:36 From sinan.ali : great
18:52:02 From zaheer.jahangir : sites
18:52:16 From zaheer.jahangir : private that is for sure
18:52:16 From sinan.ali : Private
18:52:22 From omprakash : private
18:52:29 From Tariq : yes sir
18:52:52 From zaheer.jahangir : yes sir
18:52:57 From Ahmad Rana : so this is for point to point or all kind of MPLS
VPNs
18:53:12 From Ahmad Rana : layer 2 as well
18:53:20 From sinan.ali : So this is the only one who do the innter = outer
18:53:50 From Rinchen : can you run a packet capture and show us the header?
18:53:57 From Ahmad Rana : ok..make sense
18:53:59 From Rinchen : iou
18:54:17 From Ahmad Rana : what is the real world use case
18:55:03 From Ahmad Rana : So this is not an offering from SP, its customers
configuration
18:55:19 From Ahmad Rana : thats what I meant…k,thanks
18:55:22 From Rinchen : as long as there is routing, I think we can run GET
VPN right?
18:55:24 From Tariq : this is the only vpn for mpls networks
18:55:37 From Rinchen : I can see we can run in a cloud environment
18:55:43 From Rinchen : too
18:56:16 From omprakash : Sir can it be part of the underlay technology
18:56:43 From Rinchen : routing
18:56:50 From Deeptiranjan : end-to end routing should be in place
18:56:54 From omprakash : end to end connectivity, and private
18:57:53 From zaheer.jahangir : sir generally asking any vendor limitation on
this?
18:59:51 From Oscar Ramirez : Thanks
18:59:59 From Manik Sudhera : ok sir
19:14:04 From Deeptiranjan : will be going through rekeying process through
multicast and unicast in GET VPN ?
19:14:25 From Khawar Butt : Will do Unicast Re-keying
19:14:31 From Khawar Butt : Not mutlicast
19:16:05 From Deeptiranjan : ok sir
19:16:28 From Manik Sudhera : back sir
19:20:58 From Abdulfattah : yes
19:21:03 From Conrad : good to go
19:28:52 From Rinchen : is regeneration of session key same as perfect forward
secrecy?
19:29:10 From Oscar Ramirez : Is it absolutely necessary?
19:29:48 From Rinchen : yes VRF
19:29:56 From Raza Meer : aware of it
19:29:59 From omprakash : no
19:30:05 From Abid : no
19:44:56 From sinan.ali : no
19:45:03 From Conrad : yes
19:45:05 From omprakash : Sir, can we careat customer A and b on the same
interface
19:45:19 From sinan.ali : sub interface
19:46:38 From Shahab : Create VRF CUST-A, assign interfaces
19:50:41 From Raza Meer : vrf
19:52:10 From Rinchen : shouldn't be .2 on the serial interafce
19:53:23 From Shahab : eigrp
19:53:24 From Rinchen : eigrp
19:53:27 From sinan.ali : eigrp
19:53:55 From sinan.ali : global this one
19:55:08 From Ahmad Rana : this is VRF-lite :)
19:55:22 From Ahmad Rana : no BGP
19:56:29 From fahad : can it be vrf run on l3 switches with ip service image
or only routers?
19:56:48 From fahad : can vrf be run on l3 switches with ip service image or
only routers?
19:57:02 From Surya : Can we use other interfaces for global routing?
19:57:16 From Surya : OK
19:58:53 From Tariq : all of them in cust-a
20:02:05 From fahad : but we can't use identical public ips i guess..
20:02:19 From fahad : public?
20:04:19 From Manik Sudhera : ok
20:04:22 From Raza Meer : ok
20:04:28 From fahad : In real world is it done only at SP side?
20:05:05 From Shahab : can we leak routes between VRFs?
20:05:22 From Shahab : ok
20:07:37 From Rinchen : vfr
20:07:38 From Deeptiranjan : vrf
20:07:38 From Surya : vrf
20:07:52 From sinan.ali : but for R3 is not on the VRF
20:08:02 From sinan.ali : sorry
20:09:11 From Rinchen : key
20:17:25 From Tariq : keyring name should be same on both sides
20:17:35 From Tariq : or just the peshared key
20:18:01 From Tariq : ok, thanks
20:19:24 From Rinchen : can you scroll down to crypto map
20:19:59 From Ahmad Rana : its simple, excepts every thing is VRF aware now.
20:20:08 From Rinchen : how to you apply crypto map for VRF cust-B
20:20:12 From Ahmad Rana : what is the practical use case
20:20:19 From Rinchen : oh they are on the differetn interface
20:20:25 From zaheer.jahangir : sir can u explain key-ring part again please.

Chat 3 Part 1

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Chat 3 Part 1

Încărcat de

Drepturi de autor:

Formate disponibile

17:43:30 From Santhosh : Rec permissionpls

17:43:52 From Abid : Recording Permission

S-ar putea să vă placă și