GET VPN or Group Encrypted Transport VPN is a whole different animal than Tunneling traffic between sites in an integral / encrypted manner, as it is a "Tunnel-less" approach to VPN between Branch locations! Some important components to GET VPN that make it possible: KS / Key Server = Responsible for pushing "GET VPN" Policy … Continue reading GET VPN – Key Servers, Group Members, and Tunnel-less VPN Tunnels somehow!
While both AToM and EoM are Point-to-Point Layer 2 MPLS Protocols, and L2TP is NOT related to MPLS (but a Layer 2 Tunneling Protocol all the same), VPLS is meant to be a Point-to-Multipoint or Multipoint-to-Multipoint Protocol to extend L2 across the MPLS. Some Terminology and random points on VPLS: TLS - In VPLS terms … Continue reading MPLS – VPLS (Virtual Private LAN Service) review, another Layer 2 Cloud Transport solution, details inside!
I've added a couple of Routers to my current MPLS Lab, as the concept to my understanding is that with minor configuration on the PE / CE devices, it should just use the MPLS Network for Transport and that will be that! I have no training material or instructor-led training on this, so this … Continue reading MPLS – EoM (Ethernet over MPLS) deeper review, attempted configuration, never worked with it before but let's give it a go!
This won't be a real long lab, as it's more just removing OSPF as the WAN, configuring the ISP Router with point-to-point static routes to each site, then adding a single default route out to the Internet like you would any site in the Front Door VRF and associating both the Physical and … Continue reading DMVPN w/ Front Door VRF – Finally got it with static routing instead of trying to use OSPF over the WAN to form Adjacencies!
The above graphic is an L2TPv3 Frame that is essentially connected to a cloud like an MPLS Provider network. Though it is not an MPLS Tech like AToM or EoM, it does work very similarly in the way that it is Layer 2 Transport of data through a Provider Network. From what I am gathering … Continue reading NON-MPLS Layer 2 VPN – L2TPv3 (Layer 2 Tunneling Protocol) review, what exactly it is, and how it works! (No lab)
So this is getting pretty out of bounds of what I know / have worked with at all, however I wanted to make a quick note on these technologies so I have reference to them, those two being AToM (Anything over MPLS) and EoM (Ethernet over MPLS). From my understanding AToM is for more dated … Continue reading MPLS – AToM (Any Transport of MPLS) and EoM (Ethernet over MPLS) overview, very high level review of technology, some configuration examples as well!
I have to honestly say, I am so relieved (for now) to have this smaller Topology to demonstrate how and why Front Door VRFs work, why they work and why we care about them at all when no Cisco training material mentions them. Warning - This is another post that doesn't really teach you how … Continue reading DMVPN / Front Door VRF – A long lab of trying to get this to work, but it is fighting me all the way, to be continued…
First things first is getting DMVPN rocking on this Topology, and from in-depth reading into different deployments of DMVPN, it seems the preferred method is to actually have two different DMVPNs running on BR1 and BR2, then configure spokes to be able to reach both (and each other). It's been a lot of head … Continue reading Huge DMVPN / PfR / FVRF Lab – Trying to get things working smoothly but failing, will be going back to basics for now!
Yes, it took me hours just to plan and draw this Topology in EVE, and after opening 18 CLI windows for each device, I've appreciated just opening the CLIs of one site at a time, 18 command prompts will make you feel out of chair staring at long enough 🙂 I'm calling an audible here … Continue reading Quick break from studies to configure HUGE Lab, reinforcing CCNP R/S Skills, and setting up for new ones to be labbed!
One thing to note when going through DMVPN / Legacy or VTI Site-to-Site IPSec VPN profiles is that the IPSec configuration is basically always the same, though it has many variables that can be fine-tuned. Whether it's building an IPSec Profile to apply to a Tunnel Interface or building a Crypto Map, both require basically … Continue reading Site-to-Site VPN – VTI (Virtual Tunnel Int) VPN discussion, configuration, and differences from Legacy Site-to-Site VPN!
This is referred to as "Legacy IPSec Site to Site VPN", which is kind of surprising to me that it's already labeled legacy (outdated), however I'll get through a very lightweight configuration specifically to encrypt communication between 220.127.116.11/32 and 18.104.22.168/32. All other traffic will be passed normally, those two specific src / dst IPs … Continue reading Site-to-Site VPN – Legacy IPSec Site-to-Site VPN Tunnel configuration demo, some verification, very straightforward!
I have not delved too deeply into QoS in general in my network studies (shame on me), however I will try to make this as intelligible as possible for my first time really looking at the basic concept of getting QoS to work on packets being encapsulated and encrypted! Quick review of IPSec built-in QoS … Continue reading DMVPN – QoS over DMVPN Tunnels using built-in ToS Byte Preserve, then a lab on class-map configuration and “QoS Pre-Classify” configuration for DMVPN!
There will actually be no labbing of this one, as the same configurations will still apply to building tunnel interfaces, with just a few tweaks for the Routing Protocols swapped. What type of OSPF Area is used, why it is used, and additional OSPF configs: Being that these Branches are going to have a single … Continue reading DMVPN – Quick review (non-labbed) of configs needed for OSPF as the Branches IGP with BGP running over the WAN!
At a high-level view of all CCNP Enterprise Specialist exams, I figured the 300-410 would be my next Cisco exam to sit. I hadn't set a date to begin studying for it at all, but in looking at the Blueprint tonight I found the last month of studies in VPN Technologies has covered 20% … Continue reading CCNP Enterprise 300-410 (ENARSI) Exam – Implementing Advanced Routing and Services – Blueprint progress tracking!
Drawing up IPSec Profiles to secure the DMVPN Network is honestly as easy as pictured above, though in modern networks there would be much stronger passwords, and most likely multiple profiles that would be deployed at different branches in the event one IPSec Profile were to become compromised. While troubleshooting my branch office deployment I … Continue reading DMVPN – Configuring and applying an IPSec Profile to DMVPN Tunnel interfaces, NHRP Auth config, and troubleshooting commands for IPSec!