The recording of last week's seminar on Introduction to DMVPN for CCIE R&S v5 Candidates is now available to view here.  This is the first of many new free seminars on new topics that have been added to the CCIE R&S version 5 blueprint.  New upcoming sessions will include IPv6 First Hop Security, IPsec LAN-to-LAN tunnels, GET VPN, IGP Convergence & Scalability, and BGP Convergence & Scalability, just to name a few. Feel free to submit requests for additional topics in the comments below. Read More
INE is proud to announce the upcoming release of the following new additions to our All Access Pass Video-on-Demand library: Read More
As continuing pioneers of so many firsts in the CCIE training space, we have noted before on this blog how we have been offering you for over 6 months now, the first and only 100% web-based remote control client that controls not only CUCM SIP & SCCP phones, but also that controls SRST & CME SIP & SCCP phones. And we give it to you at no additional cost to your rental - it's built-in to every rack for free (no need to install a messy Windows-only software client). And now, we are very excited... Read More
In a recent post here on the INE blog, we received some follow-up questions similar to the following: "Why do IPSec peers end up using tunnel mode, even though we had explicitly configured transport mode in the IPSec transform-set?" It is an excellent question, and here is the answer.   In a site to site IPSec tunnel the "mode transport"  setting is only used when the traffic to be protected (traffic matching the Crypto ACLs) has the same IP addresses as the IPSec peers, and excludes all other... Read More
The two engineers, as they grabbed a quick lunch, looked over the following diagram. The network is GRE.   The routing in place, uses the tunnel interfaces to reach the remote networks of and   The IPSec policy is to encrypt all GRE traffic between R1 and R3.  R1 and R3 are peering with each other using loopback 11 and loopback 33 respectively. The technicians considered the traffic pattern if a host on the network sent a packet to a device on the... Read More
Thank you to all those who have submitted questions and comments to our blog and our CCIE Instructors. If you have a question, please email them to Question 1: Can anyone explain what is VPN intercept? -- Bhavik Joshi VPN Intercept can mean a few different things, depending on the specific context. One interpretation is from a driver perspective, where a VPN connection breaks the binding between TCP/IP and the physical interface, acting as a shim.  See also:... Read More
In a word, "Way to GO" (without the spaces, that would be one word :) ). I am impressed at all the feedback and ideas we received regarding the IKE phase 1 riddle we posed last week. You can read the original post here. Ideas were creative and varied. As one of our INE Instructors say, "If there are 2 different ways to configure something, as a CCIE candidate, you had better be prepared to know all 3 ".  If you would like to see "a solution", read on. Read More
For Part 2 of this series, click here. The following questions will be added to the Core Knowledge Simulation engine.   Answers will be provided in the comments section. Implement Identity Management Refer to the diagram.   The software running on the PC performs what role? Read More
Some time ago I mentioned that it is possible to configure a functional GET VPN scenario using just two routers. Normally, GET VPN requires a dedicated Key Server, which does not participate is user traffic encryption and only distributes keying information and encryption policies. All other routers – group members – register to the Key Server. A router could not register to itself when configured as a key server and group member simultaneously. However, there is a Key Server redundancy feature... Read More
Bob turned up the volume on his MP3 player. It was difficult to hear his music over the whirring of the humidifiers.  He sat down in one of the small chairs in front of a computer with SecureCRT.  It was freezing in the data center, and a short sleeved Bob was hoping for a quick and working solution.   It all happened like this: After his huge success implementing DMVPN and GET VPN overlay, (with a lot of help from his INE Blog Buddies), Bob was on a roll.   He decided to attempt VRF and IPSec... Read More

Subscribe to INE Blog Updates

New Blog Posts!