Can anyone explain what is VPN intercept?
VPN Intercept can mean a few different things, depending on the specific context.
One interpretation is from a driver perspective, where a VPN connection breaks the binding between TCP/IP and the physical interface, acting as a shim. See also:
Another meaning can be in regards to intercepting SSL traffic.
Cisco – VPN-based IPv4 Lawful Intercept Taps -
Answered by: Marvin Greenlee, CCIE #12237
Dear Valuable Technical Teachers and Friends,
First of all , i wish and thank you for your great support to those who are
all preparing Network studies. I’ve completed my CCNA two years back.Now am
preparing for next step. At this point, i have bit confusion of deciding
whether can i do CCNP or CCIE(R&S). I would like to reach a top level in
Cisco Networking technology.So am requesting your suggestions, which is best
Also can you suggest any good simulators to improve my practical skills.
Thanks for the question. Having the CCIE certification makes for an excellent stepping stone in a technical career. An important aspect to successfully passing the CCIE lab exam, is a very solid understanding of all the technologies involved. A great way to prepare for this is through the CCNP level of studies. If a person chooses that path, they would do well to take time to learn the technologies while studying CCNP, and not have the feeling of just learning enough to pass a CCNP written exam. By truly learning the core technologies in CCNP, it will serve as a springboard into the CCIE studies. Many candidates waste large amounts of time in complex configurations, because they are lacking the basic understanding of the protocols and technologies that make up the scenario. I would recommend a 1-2 yr plan, that begins with CCNP, carries into CCIE studies, and end with you attaining your CCIE. Best wishes in your studies and journey.
Answered by: Keith Barker, CCIE #6783
would u mind please, explaining the benefit of command “area x nssa default-information-originate” ? i know how we use it but i don’t know its benefit? and do we use this command on ALL of the routers or just ABR? when we don’t use this what will happen?
thanks a lot
The benefit of having a default route is that you have somewhere to send traffic when you don’t have more specific information.
One point of using stub areas in OSPF is to minimize the information in the OSPF database.
With a stub area, you will have some OSPF routes, but not external routes (E1/E2) in the stub area. So, if somewhere else across the topology, there is redistribution happening, the device in the stub area won’t know about the redistributed networks. Having a default route out to the ABR can be all that a stub area needs, if the ABR has the routing information to send the traffic forward to the destination.
The R&S Advanced Technologies Class section on OSPF area types shows the difference of not having this command, as well as looking at the contents of the OSPF database.
Answered by: Marvin Greenlee, CCIE #12237
I have a question regarding ISDN Backup. I have two cisco routers 800 (IOS 12.4(15)T5) and 1600 (IOS 12.1(4)).
The 800 router is the primary link with SHDSL and the backup router is the 1600 with ISDN.
I have OSPF running between these two routers and HSRP. Now when the primary link (SHDSL) fails,
the Backup router (1600) should take over. How can I solve this problem. Or what is a suitable solution.
I have searched various forums and cisco, but I can’t find any sample according my example.
I am going to be an CCNA. But I guess there is much left to learn.
Thanks for your help.
Firstly, you dont need OSPF unless you have IGP requirements for other routers behind the border rouers (the 800 and the 1600). You only need HSRP running between the routers and static reliable route on the primary gateway (SHDSL). Next, configure HSRP to track the static route object in the primary router, and lower the priority when the static route fails. Your Cisco 800 should support this functionaly, and the 1600 only needs to know if the active router changes. So here are the steps
1) Create an IP SLA object in the 800 router, pinging your provider’s IP (“ip sla” commad)
2) Create an object tracking the state of IP SLA ping object (“track” commad)
3) Create a static default route in the 800 pointing to you ISP and tracking the object above
4) Configure static default route in the 1600
5) Configure HSRP so that 800 is the primary gateway
6) Configure the HSRP to track the object you created before (“standby XX track” command)
7) Ensure HSRP is configured to preempt so primary router may kick back in when the link recovers
This will ensure automatic switchover upon the lost of primary connection and automatic retun back to normal. You may want to read
for more information on reliable static routes.
Answered by: Petr Lapukhov’s, CCIE #16379
One Response to “Ask INE #3”
Leave a Reply