Bob took a moment to reflect back, and realize how far he had come over that past several months. He smiled to himself as he remembered how much he has learned about the technologies of  DMVPN, the ASA Firewall and IPSec, including GET VPN.

He had also improved his skills in MPLS, Multi-Protocol BGP, IOS IPS, EEM, and many other areas by using the sweet blog articles at INE.  (Shameless Plug :) ).

One Monday morning, as he was feeling refreshed from a rare weekend of no support calls, he was met by one of his co-workers with a technical riddle. Bob thought about it, googled it and then attempted to lab up a few solutions, all without success.

Your mission, should you choose to accept it, is to assist Bob by identifying the possible solution(s) to use IKE PHASE 1 in the desired way. Here is the topology, followed by the IPSec IKE Phase 1 riddle.

Here is the riddle.  Can you solve it for IKE Phase 1?

R1 and R2 will protect IP traffic between 4.0.0.0/24 and 6.0.0.0/24 using EasyVPN with R1 as the server,

and use Digital Certificates for the authentication of IKE Phase 1.
R1 and R2 will also protect traffic between 5.0.0.0/24 and 7.0.0.0/24 but use an IKE Phase 1 authentication

 of Pre-Shared of "cisco" associated with the protection of this traffic.
R3 may be used in any capacity for this task, including CA server, time server, etc.

Any and all ideas and observations are welcome, and you don't need to provide a full working configuration to voice your opinion.  So let's have it, can this even be done? ;)

From of all the ideas you offer as replies to this post, I am going to put all the names in a virtual hat, and draw a single winner for 50 rack tokens to our preferred rack vendor, Graded Labs. If you like, I can do a future blog with the detailed solutions, along with the name of the winner from the drawing.

Best wishes, and good luck!