I am confused. When reading about dynamic maps I learnt that we used 0.0.0.0 0.0.0.0 as the destination when specifying the isakmp key, as we did not know what the source was going to be, and we assumed that the source was pointing to this router's IP address. In other words, one of the peers was pointing to the other peer when forming an isakmp negotiation.
But lately I have seen a lot of configs on CCO where both the routers have the 0.0.0.0 0.0.0.0 statement and none of them are pointing to each other for isakmp policy negotiation. Is this only valid in a point-to-point link or a hub and spoke topology? Or am I not understanding the concept?
Your understanding of all zeros when defining a Pre-Shared Key is correct. Basically, we define a PSK with 0.0.0.0 0.0.0.0 if we are not aware of the Source IP Address of the VPN Server that will initiate the connection.
Now, the CCO documents that you see with all zeros on both Hub and Spoke are for DMVPN. For example the below URL:
DMVPN relies on Next Hop Redundancy Protocol (NHRP) information to build tunnels. The spokes build tunnels to other spokes using the NHRP information and there is no static configuration, and that is why you will see a PSK with all zeros defined on the Hub as well as the spokes.
I will definitely rate your post. I have a question though. In DMVPN you are encrypting the MGRE tunnel using ipsec before the dynamic point-to-point tunnels come up using NHRP information.
My question is: how does ipsec encrypt the mgre tunnel first? You do not need NHRP information between the hub and the spoke ipsec tunnel formation. How does 0.0.0.0 0.0.0.0 on both the hub and spoke facilitate the ipsec tunnel that encrypts the mgre built carrying the routing updates?
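As an added example (not code from this thread or from Cisco), the Python below reads IOS configuration text and reports, for each `crypto isakmp key ... address` statement, whether the key applies to one peer, a subnet, or any peer (the 0.0.0.0 0.0.0.0 form discussed above). The function names and the sample configurations are constructed for illustration; only the `address` form of the command is handled, not `hostname` entries or keyrings.

```python
import ipaddress
import re

# crypto isakmp key [0|6] <key> address <peer> [mask] [no-xauth]
KEY_RE = re.compile(
    r"^\s*crypto isakmp key\s+(?:[06]\s+)?\S+\s+address\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)(?:\s+(?P<mask>\d+\.\d+\.\d+\.\d+))?"
    r"(?:\s+no-xauth)?\s*$"
)

def peer_scope(addr, mask):
    """Classify which peer addresses a key statement applies to."""
    # With no mask, the statement names a single peer address.
    net = ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)
    if net.prefixlen == 0:
        return "wildcard", str(net)
    return ("host" if net.prefixlen == 32 else "subnet"), str(net)

def audit_psk_scope(config_text):
    """Return one finding per key statement; the key itself is never copied."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = KEY_RE.match(line)
        if m:
            scope, peers = peer_scope(m["addr"], m["mask"])
            findings.append({"line": lineno, "scope": scope, "peers": peers})
    return findings

# Constructed sample configurations; keys and addresses are placeholders.
DMVPN_HUB = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
"""
DMVPN_SPOKE = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
"""
STATIC_SITE = """\
crypto isakmp key 0 EXAMPLE-KEY address 192.0.2.10
crypto isakmp key EXAMPLE-KEY address 198.51.100.0 255.255.255.0 no-xauth
"""

if __name__ == "__main__":
    for name, cfg in [("hub", DMVPN_HUB), ("spoke", DMVPN_SPOKE), ("static", STATIC_SITE)]:
        for finding in audit_psk_scope(cfg):
            print(name, finding)
```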