Cisco IOS-XE configuration supports multiple phase 1 crypto isakmp PSK options for ip address-peers. We have a large number of IPSec peers (700+) and would like to use one PSK per network range instead of per peer or the same PSK for all peers with ...
We are moving from IKEv1 to IKEv2 on our hundreds of VPN tunnels. We are being told to use asymmetric PSK because it’s more secure than using PKI and private in-house certificates. I disagree but I’m not the expert in the area. Can anybody clarify ho...
Hi, I built an EEM menu into my routers to expedite results. Currently -below- is my IPSec MENU. This EEM script is 4+ pages long and thus would like to modularize the menu into separate modules for ease of updates and any EEM troubleshooting. In my a...
We are about to start migrating some Cisco network IOS router point-to-point static VPN links from IKEv1 to IKEv2. We have an established QoS and MTU policy that is hard set to the exact values for remote end client routers. The question is - Can w...
Hi, I have asked my EEM questions in other groups but have received no responses so perhaps I was in the wrong groups. I'm trying to get the following IP addresses into different variables. The show crypto session | i port cli command provides this res...
The reason I ask is most peers fall within the 3 defined ranges of: 192.168.0.0 /24, 172.16.0.0 /24, 10.0.0.0 /16 while other peers don't fall within a supernet at all - think ISP static addressing which will be covered by the 0.0.0.0 wild-card range. Shou...
Hi Rob, Thank you for the quick reply. Yea my password is a bad example no doubt :)..., and unfortunately our Juniper boxes (I didn't mention) do not support asymmetric PSKs -yikeeeeeeessss. In behind the curtains does the IOS just cycle through the ...
Hi Sheraz, I somehow missed your response until now. My bad. Thank you for responding and providing good detail. I was expecting there would be a technical reason, something concrete that would spell it out. Anyway, Thanks again for your help
Frank
Ok I figured out how to remove some of the excess noise by including no service timestamps debug at the beginning of the script. Then after each module script runs, reenable. The last portion that would be VERY helpful if it disappeared appears to...
To help better understand what is happening I have posted the results of BEFORE and AFTER.
EEM Menu BEFORE modularization
alias cc calls the EEM applet menu.
R1#cc
______________EEM Crypto Status Ver 6___________________
Choices:
1 - Show ISAKMP IKEv2...