Bob took a moment to reflect and realize how far he had come over the past several months. He smiled to himself as he remembered how much he had learned about the technologies of DMVPN, the ASA Firewall and IPSec, including GET VPN.

He had also improved his skills in MPLS, Multi-Protocol BGP, IOS IPS, EEM, and many other areas by using the sweet blog articles at INE.  (Shameless Plug :) ).

One Monday morning, as he was feeling refreshed from a rare weekend of no support calls, he was met by one of his co-workers with a technical riddle. Bob thought about it, googled it and then attempted to lab up a few solutions, all without success.

Your mission, should you choose to accept it, is to assist Bob by identifying the possible solution(s) to use IKE Phase 1 in the desired way. Here is the topology, followed by the IPSec IKE Phase 1 riddle.

IKE Phase 1 Challenge

Here is the riddle.  Can you solve it for IKE Phase 1?

R1 and R2 will protect IP traffic between and using EasyVPN with R1 as the server,
and use Digital Certificates for the authentication of IKE Phase 1.

R1 and R2 will also protect traffic between and but use an IKE Phase 1 authentication
of a Pre-Shared Key of "cisco" associated with the protection of this traffic.

R3 may be used in any capacity for this task, including CA server, time server, etc.

Any and all ideas and observations are welcome, and you don't need to provide a full working configuration to voice your opinion.  So let's have it, can this even be done? ;)

From all the ideas you offer as replies to this post, I am going to put all the names in a virtual hat, and draw a single winner for 50 rack tokens to our preferred rack vendor, Graded Labs. If you like, I can do a future blog with the detailed solutions, along with the name of the winner from the drawing.

Best wishes, and good luck!

