  • Content created by Rene Molenaar (CCIE #41726)

 



Forum Replies

  1. Due to an audit we just had, we need to encrypt all traffic going out MPLS. Should my ACL include the LANs and BGP /30 network in the ACL on my MPLS router in the datacenter (which is acting as the KS)?
    In your lab you used OSPF but we’re running BGP. Is it better to use an IGP versus BGP?

  2. Hi Corwyn,

    It shouldn’t matter too much that you use BGP. There is one issue with BGP/GETVPN where traffic can get blackholed if a GM doesn’t receive keys. Take a look at this:

    https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/15-mt/sec-get-vpn-15-mt-book/sec-get-vpn.html#concept_44F369138B744BCB8A2AEB90925C4433

    Apparently, the “Routing Awareness for BGP” feature prevents this from happening, but that’s something you should test.

    I think the answer depends on what “all traffic” exactly means. Is this about data from your LANs o


  3. Rene,

    Can you provide some examples of the use cases of GETVPN?

  4. Hello Ray

    Rene explains the difficulties that IPsec presents when you have a multi-site WAN deployment. Even with DMVPN, it is difficult and cumbersome to employ IPsec within such a WAN topology.

    The advantages of GETVPN will allow you to create a multi-site WAN topology with a single IPsec SA, thus simplifying the implementation of IPsec into a multi-site WAN topology.

    So examples for the use of GETVPN include all multi-site WAN topologies that want to employ IPsec in a scalable manner. For example, a corporation with a DMVPN hub and spoke topology with multi


  5. Hello Keith

    You are correct that OSPF must be configured in order to have this topology work. As you can see below, Rene mentions that OSPF is configured on the GM routers.

    //cdn-forum.networklessons.com/uploads/default/original/2X/5/53459932e0e00427e35573a60d95616fe6d3a755.png

    Because this was indeed a long lesson, for the purposes of being brief and concise, the actual OSPF configuration was not included in the lesson. It is, however, available in the configs of the devices at the very end.

    I hope this has been helpful!

    Laz
