The link you forwarded shows a configuration on the "dr_whoovie" router.
At "dr_whoovie", the traffic that needs to be VPN-tunneled will have to be matched by crypto map rtp under S0.
I have a question about the order in which the commands are listed under crypto map rtp, which I have posted for easy reference. (I understand that regardless of the order presented below, the goal of VPN-tunneling the desired packets will be achieved.)
The first command instructs the router to perform the action instructed by "set peer 22.214.171.124"
(that means all the packets, because at this stage interesting packets have not been identified).
The second command instructs the router to perform the action instructed by "set transform-set rtpset"
(again, that means the above action will be performed on all packets, because at this stage interesting packets have not been identified).
The third command instructs the router to perform the action instructed by "match address 115".
The above command will identify the interesting packets, which will be forwarded out of s0, while all the rest will be denied.
Is this order of operation correct?
If it is correct, what will happen to packets that have been denied? Will they be dropped? Because in my book an example demonstrates the following:
crypto map sarah 1 ipsec-isakmp
match address 115
(Interesting packets are identified by the above command.
Then the router performs the actions instructed by the following commands on the interesting packets; all the others at this point are sent unencrypted out of the interface. Here we observe that the uninteresting packets, which are denied by the access list, are simply forwarded out of the interface without being VPN-tunneled.)
set peer 126.96.36.199
set transform-set rtpset
If you compare this order of commands to the one presented in the case of "dr_whoovie", you see that the order of commands is different.
In "dr_whoovie" the interesting traffic is identified at the end, because "match address 115" was used at the end. The question is what will happen to the packets which are denied by access-list 15.
Will these packets simply be dropped, even though the router has performed all the actions instructed by the "set peer 188.8.131.52, set transform-set rtpset" commands, because those commands preceded the "match address 115" command?