17:44:00 From fahad : is there audio? i can't hear anything 17:44:12 From fahad : okie 17:44:14 From ahmedalrawi.a : yes 17:44:14 From fahad : yes 17:44:16 From Manik Sudhera : yes sir 17:44:16 From Rinchen : yes 17:44:17 From zaheer.jahangir : yes 17:44:18 From Abid : yes 17:44:29 From ishu Goyal : yes 17:46:16 From Manik Sudhera : nope 17:48:00 From Prash : Hi sir and everyone 17:48:05 From Prash : Rec permission pls 17:51:39 From omprakash : sir as pr the device - it should be ol 17:52:08 From omprakash : nly routrt or mix of router & firewall 17:53:10 From Santhosh : yes 17:53:21 From Oscar Ramirez : Can R1 be the key server for example? 17:54:22 From Oscar Ramirez : Thank you 17:56:03 From ahmedalrawi.a : no 17:56:04 From sinan.ali : no 17:56:06 From zaheer.jahangir : no 17:56:08 From Deeptiranjan : no 17:56:08 From sinan.ali : private 17:56:10 From Tariq : no 17:56:13 From Manik Sudhera : no 17:56:18 From sinan.ali : lan - to - lan 17:56:36 From Manik Sudhera : intranet 17:57:28 From zaheer.jahangir : no 17:57:30 From fahad : no 17:57:31 From Tariq : no 17:57:34 From Manik Sudhera : yes 17:57:43 From Manik Sudhera : not secure 17:57:44 From zaheer.jahangir : by route-leaking they can get the packets 17:59:36 From sinan.ali : yes 18:00:31 From sinan.ali : yes 18:00:37 From Shahab : yes 18:00:46 From Shahab : limited use cases 18:00:58 From sinan.ali : l3 vpn 18:01:12 From sinan.ali : yes 18:01:16 From sinan.ali : SD-WAN 18:01:53 From omprakash : can the KS be used for other functonalities 18:02:18 From omprakash : ok 18:02:31 From omprakash : yes sir 18:03:39 From sinan.ali : YES 18:03:47 From Manik Sudhera : yes sir 18:03:52 From Rinchen : key server 18:03:52 From sinan.ali : key server 18:03:53 From Tariq : ks 18:03:55 From Shahab : Key server 18:04:03 From Tariq : gm 18:05:17 From fahad : 2 18:05:18 From Rinchen : p I 18:05:18 From sinan.ali : phase 1 18:05:19 From Shahab : phase-1 18:05:22 From Raza Meer : 1 18:05:27 From Manik Sudhera : 1 18:06:20 From sinan.ali : session key 18:08:03 From ahmedalrawi.a : between GM 18:08:04 From Tariq : gm to gm 18:08:04 From sinan.ali : GM - MG 18:08:06 From Rinchen : betweeen the GM 18:08:48 From fahad : yes 18:08:59 From Rinchen : yes 18:09:01 From Raza Meer : yes 18:09:01 From Abid : yes 18:09:01 From zaheer.jahangir : yes 18:09:04 From Deeptiranjan : yes 18:09:08 From omprakash : yes 18:11:28 From omprakash : sir if there are two routers at each GM (HQ & branch), can it be configured in HA 18:11:46 From omprakash : ok sir 18:17:24 From Shahab : yes 18:17:28 From Manik Sudhera : yes 18:17:30 From Deeptiranjan : yep 18:21:43 From Surya : routing 18:22:06 From Manik Sudhera : yes 18:22:20 From Abid : yes 18:22:21 From Manik Sudhera : yes 18:22:23 From zaheer.jahangir : yes 18:22:24 From Raza Meer : yes 18:22:26 From Deeptiranjan : yes 18:23:08 From sinan.ali : yes 18:23:09 From zaheer.jahangir : yes 18:23:10 From Surya : yes 18:23:13 From Tariq : yes 18:23:16 From Surya : isakmp 18:23:17 From zaheer.jahangir : GDOI 18:23:17 From sinan.ali : GOTD 18:23:19 From Tariq : gdoi 18:23:22 From Surya : gdoi 18:23:23 From Tariq : 848 18:23:25 From Manik Sudhera : yes 18:23:28 From Manik Sudhera : gdoi 18:24:27 From Deeptiranjan : yes 18:24:31 From Manik Sudhera : yes sir 18:25:48 From Rinchen : yes 18:25:48 From Deeptiranjan : yes 18:25:49 From Tariq : yes 18:25:50 From Raza Meer : yes 18:25:51 From Manik Sudhera : yes sir 18:25:57 From Abid : yes 18:25:58 From omprakash : yes 18:25:59 From Shahab : yes 18:27:24 From sinan.ali : 0.0.0.0 to 0.0.0.0 18:27:42 From sinan.ali : okay 18:27:56 From Surya : 10.1.0.0 to 10.1.0.0 18:28:53 From sinan.ali : ye 18:29:04 From Manik Sudhera : yes sir 18:29:45 From Shahab : yes 18:29:47 From Rinchen : no 18:29:53 From Manik Sudhera : same 18:29:54 From Shahab : just the acl 18:31:20 From Rinchen : ks 18:31:27 From Shahab : key server 18:31:35 From Manik Sudhera : ks 18:32:23 From Rinchen : can you repeat what the identity number is used for? 18:33:00 From Rinchen : with different ID# 18:33:05 From Rinchen : ok 18:34:51 From Oscar Ramirez : I guess the GM accesses the KS only when establishing a session only, correct? Also, Does the KS pushes updates to the GMs when they happen? 18:35:21 From Oscar Ramirez : ok sounds good 18:36:12 From Shahab : point to key server 18:37:08 From Manik Sudhera : yes 18:37:15 From Rinchen : ts 18:37:21 From Deeptiranjan : transform set 18:37:22 From Rinchen : acl 18:37:29 From Deeptiranjan : ks 18:37:31 From Rinchen : ks 18:37:40 From Tariq : KS 18:39:06 From Rinchen : yes 18:39:14 From Manik Sudhera : yes 18:39:16 From Shahab : Does the identity number has to match on R7 and other routers? 18:39:42 From Shahab : got it 18:39:55 From zaheer.jahangir : will we not advertise the ipsec policy in gdoi? 18:40:09 From zaheer.jahangir : phase 1 i meant 18:40:49 From zaheer.jahangir : yes sir 18:42:10 From Oscar Ramirez : yes thank you 18:42:13 From Rinchen : is it shared over phase I tunnel? 18:42:26 From zaheer.jahangir : updates 18:42:29 From Rinchen : sk ts and acl 18:42:35 From Rinchen : ok 18:44:43 From Rinchen : nope 18:44:47 From Shahab : yes 18:45:25 From Rinchen : no 18:45:32 From Raza Meer : no 18:45:32 From sinan.ali : yes 18:45:33 From Tariq : no 18:45:40 From Rinchen : we haven't configured on r2 yet 18:45:43 From Raza Meer : need to apply the config on R2 as well 18:45:45 From sinan.ali : it is only encrypted now 18:45:57 From Shahab : no interesting traffic 18:46:10 From Shahab : ok 18:46:25 From sinan.ali : no decrypt 18:47:30 From Manik Sudhera : yes 18:47:32 From Oscar Ramirez : push it to R2 18:47:51 From Shahab : KS 18:47:55 From Shahab : nope 18:49:19 From Shahab : yes 18:49:22 From Rinchen : yes 18:49:32 From sinan.ali : yes 18:49:33 From Manik Sudhera : yes 18:51:02 From Rinchen : ok 18:51:04 From Shahab : yes 18:51:06 From Manik Sudhera : yes 18:51:07 From Abid : what is this GM version 18:51:09 From Deeptiranjan : yes 18:51:26 From Abid : ok 18:51:35 From zaheer.jahangir : sir what is the practical use of it, as no one would be having public LAN ip's 18:51:36 From Rinchen : I think he is asking about GM ver output on the screen 18:51:36 From sinan.ali : great 18:51:41 From Manik Sudhera : yes 18:51:52 From zaheer.jahangir : no 18:52:02 From zaheer.jahangir : sites 18:52:16 From zaheer.jahangir : private that is for sure 18:52:16 From sinan.ali : Private 18:52:22 From omprakash : private 18:52:29 From Tariq : yes sir 18:52:52 From zaheer.jahangir : yes sir 18:52:57 From Ahmad Rana : so this is for point to point or all kind of MPLS VPNs 18:53:12 From Ahmad Rana : layer 2 as well 18:53:20 From sinan.ali : So this is the only one who do the innter = outer 18:53:50 From Rinchen : can you run a packet capture and show us the header? 18:53:57 From Ahmad Rana : ok..make sense 18:53:59 From Rinchen : iou 18:54:00 From Rinchen : ok 18:54:17 From Ahmad Rana : what is the real world use case 18:55:03 From Ahmad Rana : So this is not an offering from SP, its customers configuration 18:55:19 From Ahmad Rana : thats what I meant…k,thanks 18:55:22 From Rinchen : as long as there is routing, I think we can run GET VPN right? 18:55:24 From Tariq : this is the only vpn for mpls networks 18:55:37 From Rinchen : I can see we can run in a cloud environment 18:55:43 From Rinchen : too 18:56:00 From Manik Sudhera : yes 18:56:16 From omprakash : Sir can it be part of the underlay technology 18:56:43 From Rinchen : routing 18:56:50 From Deeptiranjan : end-to end routing should be in place 18:56:54 From omprakash : end to end connectivity, and private 18:57:34 From omprakash : ok 18:57:52 From Manik Sudhera : yes 18:57:53 From zaheer.jahangir : sir generally asking any vendor limitation on this? 18:59:02 From Rinchen : no 18:59:51 From Oscar Ramirez : Thanks 18:59:59 From Manik Sudhera : ok sir 19:14:04 From Deeptiranjan : will be going through rekeying process through multicast and unicast in GET VPN ? 19:14:25 From Khawar Butt : Will do Unicast Re-keying 19:14:31 From Khawar Butt : Not mutlicast 19:16:05 From Deeptiranjan : ok sir 19:16:28 From Manik Sudhera : back sir 19:20:43 From Shahab : yes 19:20:44 From Manik Sudhera : yes sir 19:20:46 From Abid : yes 19:20:49 From Raza Meer : yes 19:20:53 From omprakash : yes 19:20:53 From Manik Sudhera : yes 19:20:55 From fahad : yes 19:20:58 From Abdulfattah : yes 19:21:03 From Conrad : good to go 19:22:45 From Shahab : yes 19:22:46 From Manik Sudhera : yes 19:22:52 From Deeptiranjan : yes 19:23:04 From omprakash : yes 19:23:05 From zaheer.jahangir : yes 19:23:05 From Manik Sudhera : yes 19:23:06 From Tariq : yes 19:23:06 From fahad : yes 19:23:06 From Raza Meer : yes 19:23:07 From Rinchen : yes 19:23:08 From Abid : yes 19:23:12 From Manik Sudhera : yes 19:23:12 From sinan.ali : yes 19:28:45 From Manik Sudhera : yes 19:28:52 From Rinchen : is regeneration of session key same as perfect forward secrecy? 19:28:53 From Deeptiranjan : yes 19:29:05 From Rinchen : ok 19:29:10 From Oscar Ramirez : Is it absolutely necessary? 19:29:48 From Rinchen : yes VRF 19:29:52 From zaheer.jahangir : yes 19:29:52 From sinan.ali : yes 19:29:56 From Raza Meer : aware of it 19:29:58 From Manik Sudhera : yes 19:29:59 From omprakash : no 19:30:03 From Deeptiranjan : yes 19:30:05 From Abid : no 19:39:13 From Shahab : yes 19:39:16 From Manik Sudhera : yes 19:39:21 From omprakash : yes 19:40:47 From Rinchen : yes 19:40:50 From Shahab : yes 19:40:52 From Raza Meer : yes 19:42:40 From Shahab : yes 19:42:43 From Manik Sudhera : yes 19:44:56 From sinan.ali : no 19:44:58 From Shahab : yes 19:44:59 From Rinchen : yes 19:45:01 From sinan.ali : yes 19:45:03 From zaheer.jahangir : yes 19:45:03 From Raza Meer : yes 19:45:03 From Conrad : yes 19:45:03 From Manik Sudhera : yes 19:45:03 From Deeptiranjan : yes 19:45:05 From omprakash : Sir, can we careat customer A and b on the same interface 19:45:08 From Abid : yes 19:45:19 From sinan.ali : sub interface 19:45:26 From omprakash : ok 19:46:38 From Shahab : Create VRF CUST-A, assign interfaces 19:50:41 From Raza Meer : vrf 19:50:51 From Shahab : yes 19:52:10 From Rinchen : shouldn't be .2 on the serial interafce 19:53:23 From Shahab : eigrp 19:53:24 From Rinchen : eigrp 19:53:27 From sinan.ali : eigrp 19:53:36 From Manik Sudhera : yes 19:53:55 From sinan.ali : global this one 19:55:08 From Ahmad Rana : this is VRF-lite :) 19:55:22 From Ahmad Rana : no BGP 19:55:37 From Shahab : yes 19:55:38 From Manik Sudhera : yes 19:56:29 From fahad : can it be vrf run on l3 switches with ip service image or only routers? 19:56:48 From fahad : can vrf be run on l3 switches with ip service image or only routers? 19:56:58 From fahad : okie 19:57:02 From Surya : Can we use other interfaces for global routing? 19:57:16 From Surya : OK 19:58:53 From Tariq : all of them in cust-a 20:00:03 From Manik Sudhera : yes 20:02:05 From fahad : but we can't use identical public ips i guess.. 20:02:19 From fahad : public? 20:02:41 From fahad : okie 20:04:18 From fahad : yes 20:04:19 From Deeptiranjan : yes 20:04:19 From Rinchen : yes 20:04:19 From Shahab : yes 20:04:19 From Manik Sudhera : ok 20:04:21 From Manik Sudhera : yes 20:04:22 From Raza Meer : ok 20:04:25 From omprakash : yes 20:04:28 From fahad : In real world is it done only at SP side? 20:04:30 From Manik Sudhera : yes 20:05:05 From Shahab : can we leak routes between VRFs? 20:05:06 From fahad : okie 20:05:22 From Shahab : ok 20:05:49 From Manik Sudhera : yes 20:06:59 From sinan.ali : yes 20:07:00 From Rinchen : yes 20:07:00 From Shahab : yes 20:07:08 From Manik Sudhera : yes 20:07:37 From Rinchen : vfr 20:07:38 From Deeptiranjan : vrf 20:07:38 From Surya : vrf 20:07:52 From sinan.ali : but for R3 is not on the VRF 20:08:02 From sinan.ali : sorry 20:09:11 From Rinchen : key 20:17:25 From Tariq : keyring name should be same on both sides 20:17:35 From Tariq : or just the peshared key 20:17:43 From Tariq : yes 20:18:01 From Tariq : ok, thanks 20:19:00 From Manik Sudhera : yes 20:19:24 From Rinchen : can you scroll down to crypto map 20:19:30 From Rinchen : yes 20:19:59 From Ahmad Rana : its simple, excepts every thing is VRF aware now. 20:20:08 From Rinchen : how to you apply crypto map for VRF cust-B 20:20:12 From Ahmad Rana : what is the practical use case 20:20:19 From Rinchen : oh they are on the differetn interface 20:20:25 From Rinchen : ok 20:20:25 From zaheer.jahangir : sir can u explain key-ring part again please.