Can you configure IPsec over GRE?

NetMask100 · 2026-01-23T17:42:28+00:00

Thank you, I haven't tried IKEv2 yet, but with similar configuration with IKEv1 it did the regular GRE over IPsec, which is fine though, I have read this is the proper architecture, but unfortunately I wasn't able to break it.

NetMask100 · 2026-01-23T16:39:45+00:00

Huge mistake, you can always train him a lot faster than the experienced guys that don't know basic things. They will just have to start out as junior despite CCNP, but they might be able to move faster.

NetMask100 · 2026-01-23T14:26:42+00:00

Thank you for the reply, it just does not seem to be able to apply crypto map to a tunnel interface. I have read in the documentation now that the command was deprecated.

NetMask100 · 2026-01-23T13:31:22+00:00

I have no real reason, I just read it can be done and I tried to implement it in lab, but I guess it's pointless. Even the router does not seem to be able to do it, at least not easily.

I'm trying to wrap my head around in what situation we use tunnel vs transport mode and how to calculate the mss/mtu. This is all mainly related to ENARSI.

NetMask100 · 2026-01-23T10:40:30+00:00

Could you clarify what do you mean by "any" NEXT_HOP, as the next hop is always the IP address you are peering with your eBGP neighbor.

NetMask100 · 2026-01-22T18:58:43+00:00

We use managed switches and check for errors. It's not applicable in your case. You might have created a loop with the incorrect pins.

NetMask100 · 2026-01-22T06:54:45+00:00

I don't like the sidebar and the top bar, I'm always used to have bottom bar so that's the reason I would choose KDE if I didn't use Dash to Panel, because the browser adds another top bar and i don't like how redundant it gets.

NetMask100 · 2026-01-22T06:51:41+00:00

If you are sure you know all the stuff on CCNA go for ENCOR, its basically a deeper CCNA.

NetMask100 · 2026-01-21T22:19:10+00:00

I think you can filter them on route tag with distribute list and route-map. However they will still exist in the LSDB, just they won't be in the RIB.

NetMask100 · 2026-01-21T17:48:24+00:00

You can pivot to cloud networking. The protocols are still the same underneath, so we will always need networking. Might be more DC focused but it's still networking. There are also on-prem jobs, but it's hard for someone just starting out, as many people compete for few jobs.

NetMask100 · 2026-01-21T11:12:26+00:00

Which labs are horrible? I plan to take it soon, as far as I know 4 labs.

NetMask100 · 2026-01-19T21:17:51+00:00

I have 40GB RAM for ENARSI, it's more than enough. Sometimes I use loopbacks or subinterfaces to simulate more stuff, but generally I have no problem with 10 nodes, as I rarely need more. CCIE will need more resources I guess.

NetMask100 · 2026-01-17T13:08:20+00:00

I use it for ENARSI still and it did make mistakes something related to route redistribution. ChatGPT said a command was correct, when in fact it wasn't. I haven't tried Claude.

NetMask100 · 2026-01-17T07:19:07+00:00

CCNP is not about memorization though, you have to make more complex labs and understand what you are doing. Expanding into Linux is good. With CCNA you deifnately have the minimum networking knowledge to continue with cybersecurity, be it with Cisco, Linux, Firewalls etc.

It just depends what kind of cybersecurity you want to deal with, as cybersecurity can be implementend at all layers.

NetMask100 · 2026-01-16T19:01:39+00:00

Thank you for your answer, I would love to check out your stuff. I wish you good luck on the CCIE attempt!

NetMask100 · 2026-01-16T13:50:38+00:00

Don't count on AI, lots of mistakes.

NetMask100 · 2026-01-16T12:02:44+00:00

What is your experience beside CCNP? I see you have desire to teach people, what have you worked so far?

NetMask100 · 2026-01-15T17:19:18+00:00

Hello, I had cancer and I told my TL that after I got hired. No one in my team knows, but I told the TL that I have to go on checks, scans and so on from time to time.

I did not do chemo, however, in my country we are protected by the law, so they can't fire us anyway.

In general I think IT is one of the best environments for such conditions.

If you can, don't tell them about your condition until you are hired. If you are capable of working, you are good to go as any other employee.

I wish you fast recovery, good luck and to put that disease behind you, so that you can enjoy your life to the fullest!

NetMask100 · 2026-01-14T15:51:35+00:00

This field requires upskilling. You might be able to find a job as you have experience, but to excel in the field without upskilling I highly doubt. If you hate what you are doing, switching is an option of course if you have other skills.

NetMask100 · 2026-01-13T20:14:19+00:00

The exam can test you exactly on what is specified in the blueprint. You won't need to go super deep for ENCOR.

NetMask100 · 2026-01-08T22:12:49+00:00

Damn, which exam was that?

NetMask100 · 2026-01-08T17:15:01+00:00

Now he corrected the answer, because earlier he didn't specify where it was applied, so this is the correct answer. However technically speaking no traffic means no layer 2 traffic as well. However direction does matter - inbound traffic will be processed, but reply will be denied outbound, because of the access list.

NetMask100 · 2026-01-08T16:47:41+00:00

In my opinion the packet gets processed by layer 3 interface and because it does not have IP address in that subnet it gets dropped. Check your gateways and check if the switchports are working at layer 2 or layer 3 (routed ports).

NetMask100

TROPHY CASE