Hello all.
It has occured to while working with a couple of ISR’s that the Cisco implementation of the proxy ids is made superficially, as in the router usually does not care at all about the proxy ids. Except probably in policy-mode, but I’ve noticed it being disregarded in route-mode
The Quick Mode selectors are usually sent with the WAN IPs or the 0.0.0.0/0 depending on various configuration snippets. I’m not sure the relevancy if VRF-Aware IPSec is used but my assumption is that the invisible ACL “any any” is used, as per documentation.
However, it’s best to know that other vendors will not accept this behavior (such as PAN/Juniper) and it’s best to be aware and not waste 4 hours of time like me ????
Cheers,
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
It has occured to while working with a couple of ISR’s that the Cisco implementation of the proxy ids is made superficially, as in the router usually does not care at all about the proxy ids. Except probably in policy-mode, but I’ve noticed it being disregarded in route-mode
The Quick Mode selectors are usually sent with the WAN IPs or the 0.0.0.0/0 depending on various configuration snippets. I’m not sure the relevancy if VRF-Aware IPSec is used but my assumption is that the invisible ACL “any any” is used, as per documentation.
However, it’s best to know that other vendors will not accept this behavior (such as PAN/Juniper) and it’s best to be aware and not waste 4 hours of time like me ????
Cheers,
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/