- 300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730) Dumps
300-730 Premium Bundle
- Premium File 188 Questions & Answers. Last update: Jan 18, 2025
- Training Course 42 Video Lectures
- Study Guide 1007 Pages
All Cisco SVPN 300-730 certification exam dumps, study guides and training courses are prepared by industry experts. PrepAway's ETE files provide the 300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730) practice test questions and answers; the exam dumps, study guide and training courses help you study and pass hassle-free.
Site-to-Site Virtual Private Networks on Routers and Firewalls
1. Describe GETVPN
GETVPN stands for Group Encrypted Transport VPN. Let's start with an overview. Cisco IOS GETVPN is a tunnel-less VPN technology that provides strong security for network traffic in native mode while maintaining a fully meshed topology. It preserves the original source and destination IP addresses in the header of the encrypted packet, which keeps routing optimal. That is why it is largely suited to an enterprise running over a private MPLS or IP-based core network: the core already provides any-to-any reachability, and GETVPN only adds the encryption on top of it.
What are the advantages of this VPN technology? It provides a highly scalable, natively meshed topology and eliminates the need for complex peer-to-peer security associations, such as the per-pair IPsec SAs that classic site-to-site tunnels require over an MPLS network. It maintains the network intelligence (the original addressing), so your QoS, multicast and routing paths keep working, and it grants easy membership control through centralized key servers. It contributes to low latency and jitter by allowing full-time direct communication between sites without a detour through a central hub.

What are the components of GETVPN? A GETVPN deployment consists of three main components: a key server (KS), group members (GMs), and the Group Domain of Interpretation (GDOI) protocol. The key server is responsible for maintaining the security policy, authenticating the GMs (the routers that will actually encrypt traffic) and providing the session keys used to encrypt that traffic. The KS authenticates each GM at registration time. There are two types of keys that a GM receives from the KS: the key encryption key (KEK) and the traffic encryption key (TEK).
The TEK is the key of the IPsec SA through which group members of the same group encrypt data. The KEK is used to secure the rekey messages between the key server and the group members. You need to remember this: the TEK is used for IPsec, the KEK is used to protect rekey messages. So whenever the current keys are about to expire, the KS sends a rekey message protected by the KEK. A group member, which is a router or a layer 3 switch, registers with the key server to obtain the IPsec SAs that are necessary to encrypt traffic within the group. The group member provides its group ID to the key server to get the policy and keys for that group. These keys are refreshed periodically: the KS rekeys before the current IPsec SAs expire so that there is no loss of traffic, and those rekey messages are protected with the KEK. Now we move on to the GDOI protocol, which is used for group key management and group SA management.
GDOI uses ISAKMP (Internet Security Association and Key Management Protocol) for authenticating the GMs and the key server. All the standard ISAKMP authentication methods, such as RSA signatures (certificates) and pre-shared keys, can be used for GETVPN. GETVPN has only two phases. In phase 1, each group member builds a standard IKE phase 1 session (IKEv1 or IKEv2) with the KS. This creates a secure, authenticated channel and registers the GM with the key server, using normal IKE policy settings. All phase 1 does is safeguard the phase 2 exchange. What does phase 1 accomplish? It authenticates the group member with the key server and creates a protected channel for each group member; the group member uses that SA to speak securely with the key server.
And it is only needed to protect the phase 2 exchange. In GETVPN phase 2, the GMs register with the KS. Phase 2 uses GDOI, the Group Domain of Interpretation, which is an extension of ISAKMP. It negotiates which traffic the group is going to encrypt (the "group domain"). In phase 2 the key server securely distributes to each group member the encryption policy for the group together with the two keys. As stated before, the first is the key encryption key, used to secure rekey messages from the key server to the group members, and the second is the traffic encryption key, or TEK, which is used only by group members to encrypt the data plane.
So every time you send traffic across the group, it is encrypted with the traffic encryption key, and whenever that key expires you get a new one through a rekey protected with the key encryption key. Okay, here's a picture of how GETVPN works. Step 1 is phase 1: each group member authenticates with the key server; this router does it, and the other two routers do the same thing. After that we have normal GETVPN operation, the area shown in blue: traffic between the members is encrypted with the TEK, the traffic encryption key.
Whenever that key is about to expire, we have operation number 3, the rekey operation, which is protected with the KEK, the key encryption key. Now, comparing classic IPsec with GETVPN: why was GETVPN developed in the first place? Classic IPsec is point-to-point; it is a site-to-site tunnel between two peers. The problem with that is that it is not suitable for encrypting multicast: a tunnel only carries traffic between its two endpoints, so you cannot have these three routers using the same tunnel. And IPsec SAs have to be negotiated for each new IPsec tunnel.
With GETVPN, every group member shares the same group SA, so from this group member you can reach this other member, or this one, and from that member you can reach both of the others, all with the same keys. Classic IPsec also uses an excessive amount of control-plane overhead and CPU time, with a unique IPsec SA for each new tunnel, so there are scalability issues with the number of SAs. Whenever you install a new router, you have to create a new tunnel to every peer. With GETVPN you just register the new router with the key server and it can reach any other router in the group: one-to-many encryption with a single set of keys. That is why GETVPN was created in the first place. I hope you enjoyed this video.
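To make the three components concrete, here is an added example of a minimal IOS GETVPN configuration for the key server and one group member. It is not from the course; the addresses (10.0.0.1 for the KS, 10.0.0.0/8 as the protected network), the group name and identity, the pre-shared key and the RSA key label are assumptions for the lab, not values the lesson gives. The RSA key pair that signs rekeys is assumed to have been generated beforehand with `crypto key generate rsa label GETVPN-REKEY modulus 2048`.

```ios
! ===== Key server (KS) =====  (added example; addresses and names assumed)
! IKEv1 policy for GETVPN phase 1: the GM registration session
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! One PSK for every GM (assumed); RSA signature certificates are stronger
crypto isakmp key GETVPN-PSK address 0.0.0.0
!
! Transform set and profile that the TEK is applied to on every GM
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile GETVPN-PROF
 set transform-set GETVPN-TS
!
! GDOI group: the KS distributes the KEK, the TEK and the policy below
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  rekey algorithm aes 256
  rekey lifetime seconds 86400
  rekey retransmit 40 number 2
  ! rekey messages are signed with this RSA key and protected by the KEK
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROF
   match address ipv4 GETVPN-ACL
   replay time window-size 5
  address ipv4 10.0.0.1
!
! Policy pushed to the GMs: encrypt 10/8 <-> 10/8, but never the GDOI
! control traffic itself (UDP 848), or registration/rekey would fail
ip access-list extended GETVPN-ACL
 deny   udp any eq 848 any eq 848
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
! ===== Group member (GM) =====  (assumed WAN address 10.0.1.1)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key GETVPN-PSK address 10.0.0.1
!
! Same group identity as the KS; the GM fetches policy and keys from it
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 10.0.0.1
!
! A GDOI crypto map has no peer and no ACL: both come from the KS
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-GROUP
!
interface GigabitEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 crypto map GETVPN-MAP
```

Once the GM registers, `show crypto gdoi` on the GM shows the KEK and TEK lifetimes it received, and `show crypto gdoi ks members` on the KS lists the registered GMs. Because the original IP header is preserved, the protected traffic still follows the MPLS or IP core's own routing, which is the property the lesson describes.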
2. DMVPN Intro
DMVPN. So there is a problem with site-to-site VPN, which is primarily used for connecting the main office with multiple branch offices, each with its own IP subnet. The configuration the network administrator has to maintain gets more complex as the number of branch offices increases. Let's say you have the main office right here and then more and more branches keep getting added. Every time you open a branch, you are required to configure a site-to-site VPN connection to the main office.
And that takes a long time, because if you have 20 branches you must configure 20 different site-to-site VPN connections. Maintaining a topology like that, with crypto maps and pre-shared keys on each device, becomes a full-time job as well; you would probably need to hire somebody just to maintain the crypto maps and pre-shared keys for that network. So it is not a great solution once you have multiple branches, because it doesn't scale. The solution to this is DMVPN. DMVPN comes to the rescue by providing the same outcome while keeping the cost low, reducing configuration complexity and increasing the flexibility of the overall network design. In DMVPN, one device acts as the central node of the whole VPN topology. The remaining devices act as clients of the central device, fetching from it the information they need about other members and their addresses to build VPN connections.
The central device is known as the hub, while the remaining devices are called spokes. Normally the headquarters edge device is configured as the hub, while each branch office edge device is configured as a spoke. There are a couple of ways you can deploy DMVPN. In the hub-and-spoke deployment, spokes only communicate with headquarters; traffic between branches flows through the hub, as there is no direct communication between different spokes. In the spoke-to-spoke deployment, branches communicate with each other directly. Note that the hub-to-spoke tunnels are built first; a full or partial mesh is then created once traffic from one spoke to another is generated.
So at first, when you configure the spokes, everything is hub-and-spoke. In phase 1 that is all you get: all the traffic goes to the hub before it goes to the other spoke. So if there are two spokes out there and they want to communicate with one another, they must use the hub. In phase 2 and phase 3, however, the spokes can communicate directly when needed, which is the spoke-to-spoke deployment. But the first packet still has to go to the hub; after the hub helps the two spokes resolve each other's addresses, they form a tunnel between themselves and from then on talk to one another directly.
Okay? In the configuration, the DMVPN hub is actually called the NHS (next-hop server) and the DMVPN spokes are the NHCs (next-hop clients). Here's the hub-and-spoke topology: as you can see, each spoke is connected to the hub. In phase 1 all DMVPN traffic stays hub-and-spoke, so if a spoke wants to communicate with another remote office, the traffic must first reach the hub, which then routes it to the other spoke. But if you configure phase 2 or phase 3, only the initial traffic is sent to the hub; after that the two spokes create their own tunnel, which you can see right here as a spoke-to-spoke tunnel next to the spoke-to-hub tunnels. Another thing to keep in mind when configuring DMVPN is that the spokes do not need a static public IP address. They can have a dynamic public IP address, and whenever it changes the spoke simply re-registers with the hub and tells it the new address.
So the only device that needs a static public IP address is the hub, because whenever a spoke wants to register it has to reach the hub at the same address every time. The spokes do not need a static address, which saves money. The benefits of DMVPN are: simplified hub configuration with a single multipoint GRE (mGRE) tunnel interface; dynamic IP address support for spoke devices, since the spokes use NHRP to register with the hub and to find other spokes, so a static address on the spokes is not mandatory, as I said; lower configuration and administration overhead; and the option of securing the tunnels with IPsec, which we are going to see in a later video where we attach IPsec to our DMVPN.
Independent of which model is implemented, a DMVPN deployment always involves the following components, or control planes: an mGRE tunnel, and the Next Hop Resolution Protocol (NHRP) running over that mGRE tunnel. IPsec protection of the mGRE tunnel is optional. DMVPN doesn't always involve IPsec, so you don't strictly need to add it. (I need to remove that from this PowerPoint.) What is NHRP?
The Next Hop Resolution Protocol is an extension of the ATM routing mechanism that is sometimes used to improve the efficiency of routing traffic over non-broadcast multiple access (NBMA) networks. There are three DMVPN phases. Phase 1 is hub-and-spoke only: every spoke talks to the hub and there is no direct spoke-to-spoke traffic. Phase 2 adds spoke-to-spoke tunnels on top of the spoke-to-hub tunnels. Phase 3 also gives you spoke-to-spoke and spoke-to-hub, using NHRP redirects and shortcuts.
So you're going to see all three in phase 3, where you also add NHRP redirects on the hub and NHRP shortcuts on the spokes; you'll see that in the later video where I configure phase 1, phase 2 and phase 3. IPsec is optional in all of them. But FlexVPN, which is sometimes loosely called phase 4, requires IKEv2 with IPsec.
It is not optional; for FlexVPN it is mandatory. Now the scope of NHRP: NHRP is encapsulated inside GRE. It is used to build spoke-to-hub tunnels over point-to-point or multipoint GRE, and it dynamically builds hub-to-spoke and spoke-to-spoke tunnels by resolving VPN (overlay) addresses to NBMA addresses. The NBMA addresses are the physical interface addresses you configure, for example on GigabitEthernet0/0 or GigabitEthernet0/1; that is the NBMA address, which is also the tunnel source and destination, as you'll see when I configure it. You'll see what the NBMA address is, what the VPN addresses are, and how one is resolved to the other.
You can look at NHRP like ARP on Ethernet. ARP maps an IP address to a MAC address. NHRP maps a logical address, the IP address of the tunnel (GRE) interface, to a physical address, the IP address of the physical interface. That's how NHRP works: it maps the logical (overlay) IP address to the physical (underlay) IP address, the way ARP maps an IP address to a MAC address. So it maps a tunnel interface IP address to an interface IP address like the one configured on GigabitEthernet0/0. The GRE tunnel source address used for transport is the NBMA address; as I said before, that is the source address of the GRE tunnel. The logical interface is the GRE tunnel's IP address.
The logical interface you're using, and the VPN address, are both visible in the configuration, which is going to make more sense once you see it. VPN addresses are the GRE tunnel-level addresses: whenever you go to interface Tunnel0 and type ip address followed by an address, that is a VPN address on the GRE tunnel, also known as the overlay. And this is it for this video, guys. I hope you enjoyed it. We discussed the site-to-site problem: how difficult it is to maintain when you have a large number of branch offices configured, each with its own crypto maps and pre-shared keys.
To resolve that, we moved to DMVPN, which uses NHRP. There are a few DMVPN deployment models you can use: hub-and-spoke and spoke-to-spoke. I showed you a picture of the spoke-to-hub and spoke-to-spoke configurations and went over the benefits of DMVPN: a lower configuration and administration burden, and optional IPsec, which can be added for data confidentiality, integrity and anti-replay protection. And as I said before, DMVPN uses the Next Hop Resolution Protocol, NHRP, which works much like ARP. I also went over the NHRP scope, which is to dynamically build hub-to-spoke and spoke-to-spoke tunnels.
3. DMVPN Phase 1
So I have this topology right here. As you can see, the physical interface is this one, and the other ones are the tunnel interfaces that we are going to configure. DMVPN stands for Dynamic Multipoint VPN, and it is a technique for building a VPN network on a hub-and-spoke topology. As you can see right here, the hub is the central device where all the traffic goes.
So if spoke 3 wants to talk to spoke 2, it needs to go to the hub. Okay? In phase 1 traffic always has to go through the hub. In phase 2 only the initial packet goes through the hub, and in phase 3 the initial packet still goes through the hub, but again only the initial packet. We're going to talk more about those phases later on. As I said, it is a VPN network on a hub-and-spoke topology where tunnels are built dynamically without having to configure each pair of devices statically. DMVPN also supports IPsec encryption and is therefore a popular technique for building tunnels over Internet connectivity, acting as an alternative to MPLS connectivity. DMVPN is typically deployed in a hub-and-spoke architecture.
The hub has a single multipoint tunnel interface, and in phase 1 each spoke site has a point-to-point tunnel interface to the hub. Another good thing is that only the hub needs a static public IP address. The spokes do not, which is really nice for saving some money. DMVPN has three phases, like I said before, and in this lab we will discuss the first one. In phase 1 there is no direct spoke-to-spoke communication at all.
So everything goes to the hub and then down to the other spoke. Later, in phase 2 and phase 3, you are going to see that besides hub-to-spoke and spoke-to-hub connectivity we also get spoke-to-spoke, so we don't have to use the hub all the time. Okay, that's enough talking; let's go ahead and start with the configuration. I also forgot to add that we have some loopback addresses; they just play the role of the LAN behind each router, mimicking a network, and that's their only role. Each router has one. The router in the middle is just acting as the ISP, the Internet service provider, and we're not going to configure anything on it. So let's begin. I want to move this DMVPN network over to this side first. There we go.
Okay, so I want to start with the hub. I always start with the hub, because once the hub is up, each spoke will register with it as soon as you configure the spoke. On the hub we configure interface Tunnel0. This creates a GRE tunnel, which is point-to-point by default. Now we give the hub its tunnel IP address: 192.168.1.1 255.255.255.0. After that I add no ip redirects, which disables ICMP redirects on the tunnel interface (don't confuse it with ip nhrp redirect, the phase 3 command we'll add later). You'll also add no ip split-horizon eigrp 1, and we'll be using autonomous system 1.
So we are just telling this router not to apply split horizon on this interface. Split horizon means that a route learned on an interface is not advertised back out the same interface. Let's say the hub learns spoke 2's network on Tunnel0; with split horizon on, the hub won't send that route back out Tunnel0, so spoke 3 won't know about it. And whenever the hub learns spoke 3's network, it won't send that to the other spoke either, so they won't have connectivity to each other. That's why we say no ip split-horizon eigrp 1: even though we learned the route on Tunnel0, we still send it back out Tunnel0 to the other spokes.
Okay, so that's why we disable split horizon. Moving on. Now we do ip nhrp authentication cisco. The authentication string is "cisco"; it is optional, and it needs to match across all the spokes, so every spoke must use the same string. Just remember that the string travels in clear text inside NHRP packets, so it only protects you from misconfiguration, not from an attacker; real protection comes from IPsec. Then we do ip nhrp map multicast dynamic. This command tells the hub router where to forward multicast packets, which we need for the EIGRP hellos and updates. Since the IP addresses of the spoke routers are unknown in advance, dynamic automatically adds each spoke's address to the multicast destination list when the spoke registers itself.
All right, so now let's do ip nhrp network-id 1. From everything I've seen so far, the network ID just enables NHRP on the interface; I like to keep it the same on every router, by the way. Then tunnel source GigabitEthernet0/0, which is the physical interface you can see right here. After that we configure the tunnel mode: tunnel mode gre multipoint. We need this because the hub talks to multiple spokes. Point-to-point means a connection from one device to exactly one other device; multipoint means we talk to multiple devices over the one interface. The default tunnel mode is point-to-point GRE, which is why we have to issue the multipoint command. Okay, so we are done with the tunnel configuration. Now I'd like to configure router eigrp 1, using the same AS number we referenced in no ip split-horizon eigrp 1.
So we've got to make sure we use AS 1. Then the networks I want to add: the loopback network, which plays the role of the LAN, and the tunnel network, because the logical tunnel interface is the one we are going to route over. That network is 192.168.1.0 with a wildcard of 0.0.0.255. There it is. So we are done with the configuration of the hub. Now let's configure the spokes, starting with what I keep calling spoke 1, but in this topology it's spoke 3.
Okay, config t. Actually, let's do spoke 2 first. It will be slightly different from the hub, but most of it is the same. We configure interface Tunnel0 and give it the IP address 192.168.1.2 255.255.255.0. Now we do ip nhrp authentication cisco, the same string we gave on the hub. Then ip nhrp map: what we are saying is that we are creating a static mapping between the hub's tunnel address and the hub's NBMA address. Let me tell you what that means. The command is ip nhrp map 192.168.1.1 followed by the hub's physical (NBMA) address.
So what does this mean? Whenever you want to reach this logical address, 192.168.1.1, send the packet to the hub's physical interface address. So to get to the hub's tunnel, we use the hub's physical interface. Okay? Enter. After that we need another map, ip nhrp map multicast followed by the hub's NBMA address. This says: if we have a multicast packet to send over the tunnel, send it to the hub's NBMA address. Multicast is what EIGRP uses, so whenever we have an EIGRP packet we are going to send it to the hub. Enter. And now ip nhrp network-id 1.
Then we need to tell the spoke where the hub is, with ip nhrp nhs 192.168.1.1, the hub's tunnel IP address. What happens is that whenever this spoke tries to reach the NHS at that logical address, it asks "where is this?" and refers to the map we created, which says: to reach 192.168.1.1, send to the hub's NBMA address. Make sense? Good. After that we need tunnel source GigabitEthernet0/0 and tunnel destination followed by the hub's NBMA address, because in phase 1 the spoke's tunnel is point-to-point to the hub. You can see the interface has come up. So that's great.
Now we should have a tunnel; let's do show ip nhrp. As you can see, we have an entry on Tunnel0 that was created this long ago, never expires, and the type is static: the NBMA address is the hub's. This one was statically configured by the map, as you can see. Now on the hub we should also have an entry, because the spoke registered with the hub; there the type should be dynamic. show ip nhrp on the hub: there we go, an entry for 192.168.1.2, the logical tunnel address of the spoke.
It was created dynamically because we did not configure a map on the hub. When you create a map, the entry shows as static, but the hub learned this one dynamically, because the spoke is configured to register with the hub, right? And as you can see here in the NBMA address column, to reach that tunnel address you send to the spoke's physical address, and we never configured that on the hub. It was dynamically learned. Okay, good. So spoke 2 is finished. Now let's configure spoke 3. It's going to have interface Tunnel0 with the IP address 192.168.1.3 255.255.255.0.
Actually, I forgot to configure something on spoke 2: we need router eigrp 1 with the loopback network and the tunnel network. Once we add them, you can see a new adjacency on Tunnel0, and the neighbour is the hub, reachable through Tunnel0. And the hub has formed one with spoke 2 as well. Good. Now let's proceed to configure spoke 3. I assigned the tunnel IP address. Now we configure ip nhrp authentication cisco, then ip nhrp map 192.168.1.1 followed by the hub's NBMA address, which says: to reach the hub's logical address, send to the hub's physical address. Then ip nhrp map multicast followed by the hub's NBMA address, so that multicast is sent to the hub.
Okay, good. Then ip nhrp network-id 1. Let's see if I'm missing something. Yes, I missed ip nhrp nhs 192.168.1.1. As you can see here, we created that map saying that to reach the NHS, which is the hub, send to the hub's NBMA address. Since we want to register with the hub, that's what we configure statically first; this is phase 1. The spoke registers with the hub over the static mapping, and the hub in turn creates a dynamic entry for the spoke. So after ip nhrp nhs 192.168.1.1, we add tunnel source GigabitEthernet0/0 and tunnel destination followed by the hub's NBMA address. There you go, the tunnel comes up. Now let's configure router eigrp 1 with the networks, which creates a neighbour with the hub. And the hub has created a dynamic entry for spoke 3.
So now if we do show ip nhrp on spoke 3, you see a static entry for the logical address 192.168.1.1 with the hub's NBMA address. Good. Now over to the hub. show ip nhrp there shows two entries: the first one is spoke 2, reached through the NBMA address on its physical interface, and the second one, also dynamic, is spoke 3, reached through its NBMA address. So we have created two tunnels. Now let's run a traceroute from spoke 2 to spoke 3's loopback. It only took two hops: the first is 192.168.1.1, the hub's logical tunnel interface, so we went into the tunnel to the hub, and the hub sent it back out to spoke 3.
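Pulling the steps above together, here is an added example of the complete phase 1 configuration for the hub and both spokes, using the tunnel addresses, network ID, authentication string and EIGRP AS from the lesson. It is not the course's own config file. The NBMA (physical) addresses 203.0.113.1/.2/.3 on a shared ISP subnet and the Loopback0 LAN addresses 10.1.1.1, 10.2.2.2 and 10.3.3.3 are assumed, since the video does not state them clearly; with all three routers on the same ISP subnet no underlay routing is needed.

```ios
! ===== HUB (NHS) =====   assumed NBMA 203.0.113.1, assumed LAN 10.1.1.0/24
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 ! re-advertise spoke routes back out Tunnel0 to the other spokes
 no ip split-horizon eigrp 1
 ! cleartext NHRP string: guards against misconfig only, not attackers
 ip nhrp authentication cisco
 ! spokes are added to the multicast list as they register
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 ! one mGRE interface serves every spoke (default would be p2p GRE)
 tunnel mode gre multipoint
router eigrp 1
 network 10.1.1.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
!
! ===== SPOKE 2 (NHC) ===== assumed NBMA 203.0.113.2, assumed LAN 10.2.2.0/24
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.0
interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 ip nhrp authentication cisco
 ! static NHRP entry: hub overlay address -> hub NBMA address
 ip nhrp map 192.168.1.1 203.0.113.1
 ! EIGRP multicast goes to the hub's NBMA address
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 1
 ! register with the hub at its overlay address
 ip nhrp nhs 192.168.1.1
 tunnel source GigabitEthernet0/0
 ! phase 1: spoke tunnel is point-to-point to the hub
 tunnel destination 203.0.113.1
router eigrp 1
 network 10.2.2.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
!
! ===== SPOKE 3 (NHC) ===== assumed NBMA 203.0.113.3, assumed LAN 10.3.3.0/24
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
interface GigabitEthernet0/0
 ip address 203.0.113.3 255.255.255.0
interface Tunnel0
 ip address 192.168.1.3 255.255.255.0
 ip nhrp authentication cisco
 ip nhrp map 192.168.1.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
router eigrp 1
 network 10.3.3.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
```

On the hub, `show ip nhrp` and `show dmvpn` should then list two dynamic entries (192.168.1.2 and 192.168.1.3 with their NBMA addresses), and `traceroute 10.3.3.3` from spoke 2 passes through 192.168.1.1 first, exactly as the lesson shows. Note that with this configuration the GRE tunnels carry the loopback traffic in clear text across the ISP; the IPsec profile that protects them is the subject of the later video.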
She spoke one to the hub and then three. Right, there we go. It keeps doing the same. So all the traffic is going to the hub, and then the hub is sending it back to wherever it needs to go. So the hub is the central device for this. And if the hub goes down, then everything goes down. So that is a bad configuration. That's why phase one is not used anymore. Because if the hub is gone, then the two spokes won't be able to communicate with each other. So that's why in phase two, it only uses the Hub to create the tunnels and for this first ping as well. So you'll notice that when I configure Faceversion 2, the first thing, the first packet, will go through the hub. But once that first packet is gone, it'll just go straight, straight to the spoke. As a result, it will generate a spoke to speak Tonal. and therefore we won't need that hub anymore. Okay? We only need that hub if the IP address of one of the spokes changes and the spoke needs to communicate that with the hub. And if the hub is down, it won't be able to communicate. And then that tunnel between the two spokes is not going to be working anymore.
OK? And also, if you go to the hub, if you show IPDmvn or show Dmvn, you can see that; you can see the Dmvn. We can see right here that this is the MBMA address, which is one that is attached to the logical interface of this MBMA working right here. and it is done via NhRP. NSRP is the same as ARP, where ARP attaches a Mac to an IP address. NhRP attaches an MDMA address (which is an interface IP address) to a tunnel's IP address. It is the same. They work the same, but a little bit differently. Right? So I believe this is it for this video. I hope you guys enjoy this video on DMVPN.
4. DMVPN Phase 2
So I have this topology right here. As you can see, the physical interface is this one right here, and the other ones right here are going to be the tunnel interfaces that we are going to configure. DMVPN stands for "dynamic multipoint VPN," and it is a technique where you can build a VPN network on a hub-and-spoke topology.
As you can see right here, the hub is like the main central device where all the traffic goes to. So if spoke 3 wants to talk to spoke 2, it needs to go through the hub. Okay? In phase one, traffic is always going to have to go through the hub. In phase two, only the initial packet goes through the hub, and in phase three, the initial packet still goes through the hub, but only the initial packet does. We're going to talk more about those phases later on. As I previously stated, it is a VPN network on a hub-and-spoke topology that builds the tunnels dynamically, without the need to configure the devices statically. DMVPN also supports IPsec encryption, and hence it is a popular technique for building tunnels over Internet connectivity, thus acting as an alternative to MPLS connectivity solutions.
Furthermore, DMVPN is typically deployed in a hub-and-spoke architecture. The hub has a single multipoint tunnel interface, and all the spoke sites have a point-to-point tunnel interface to the hub. Another good thing about this is that only the hub needs to have a static public IP address. The rest of the spokes do not need to have a static public IP address, which is really cool to save some money. DMVPN has three phases, like I said before, and in this lab we will discuss the first DMVPN phase. In phase one, there cannot be any kind of direct spoke-to-spoke communication. So everything is going to go to the hub and then go down to the other spoke. Later on, in phases two and three, you are going to see that we're going to have hub-to-spoke and spoke-to-hub connectivity, and we're also going to have spoke-to-spoke, so we don't have to use the hub all the time.
Okay, that's enough talking; let's go ahead and start with the configuration. I also forgot to add that we have some loopback addresses, and they are just going to play the role of the network behind each router; that's their only role. It's just mimicking a network, basically. So we have these loopback addresses for each one of them, and on this device here we're not going to configure anything; it is just working as the ISP, or the Internet Service Provider. So, let us begin with this connectivity. I want to start over with this DMVPN network, and I want to see if we can move it to this side. There we go. Let's move this over here. Okay, so I want to start with the hub. I always start with the hub, because if you start with the hub, then whenever you configure a spoke, it's going to go ahead and talk to the hub, right? So I like to start with the hub. Over here, we are going to configure an interface tunnel. We're going to call it Tunnel 0. Right now this creates a GRE tunnel, which is a point-to-point tunnel.
Now we're going to configure the IP address for this hub's tunnel. It's going to be 192.168.1.1 with a /24 mask. After you do that, I want to do no ip redirects; that is for phase three, which we're going to talk about later on, whenever we configure it. You'll also be doing no ip split-horizon eigrp 1, and we'll be using autonomous system 1. So we are just telling this router not to use split horizon. What that means is that with split horizon, when we learn a route on an interface, the router will not advertise that route back out the same interface. So let's say I learn this route from a spoke on this tunnel interface; then this hub is not going to send it out the same way it came in. That's what split horizon does. So when split horizon is on, the hub won't send that update to spoke 2, so spoke 2 won't know about this network. And whenever the hub learns about this other network right here from spoke 2, it won't send that to the other spoke either, so they won't be able to have connectivity.
So that's why we say no split horizon. That way, even though we learned the route on the tunnel interface, we still send that route back out the same way it came in. Okay, so that's why we turn off split horizon. Moving on. Now we are going to do ip nhrp authentication. The authentication string will be cisco; that's the password. It is an optional configuration, but it needs to match across all the spokes. Okay, so both spoke 1 and spoke 2 must use the same password. Just remember that. And it is optional, like I said. Then we're going to do ip nhrp map multicast dynamic. This command tells the hub router where to forward multicast packets to. Since the IP addresses of the spoke routers are unknown, we use dynamic to automatically add their IP addresses to the multicast destination list when the spokes register themselves. All right, so now let's go ahead and do ip nhrp network-id, and the network ID is going to be 1.
I've seen a lot of explanations of this one, but so far what I see is that it just turns on NHRP on the interface so we can use NHRP. Okay, good. And I like to keep it the same on all routers, by the way. Then we are going to do tunnel source GigabitEthernet 0/0, and the source is this interface right here, as you can see. So that's good. Following that, we will configure the tunnel mode. It's going to be gre multipoint. We're doing this because if we don't, it stays point-to-point, and multipoint means we'll have multiple spokes out there. So it's not going to be a point-to-point connection, which is only a connection from one device to another; multipoint means that we are going to be talking to multiple devices. All right. The default tunnel mode is point-to-point.
That's why we had to issue the multipoint command. Okay. All right. So we are done with this interface configuration. That's good. Now I'd like to configure router eigrp. We used no ip split-horizon eigrp 1, so we've got to make sure that we use this one right here, router eigrp 1. Then the networks I want to add: I want to add this loopback network, and the other network that we need to add is the tunnel network. We are going to use the logical interface, so the tunnel interface's network is the one we are going to be using: 192.168.1.0 0.0.0.255. There it is. So we are done with the configuration of the hub. Now let's go ahead and configure the spokes. Spoke 1, but this one is supposed to be spoke 3.
Okay, spoke 3. Config t, and let's go ahead and configure that right now. Actually, let's just do spoke 2 first. Configuring spoke 2: it will be slightly different, but the majority of it will be the same. We are going to configure interface tunnel 0 and give it an IP address of 192.168.1.2. Okay, let's see that one. We need to fix this. There we go, 255.255.255.0. Now we need to do ip nhrp authentication cisco, the same password that we gave on the hub. Now we are going to do an ip nhrp map. What we are saying is that we are going to create a static mapping between the hub's tunnel address and the hub's NBMA address. Okay? I'm going to tell you what that means. The tunnel address will be 192.168.1.1. So what does this mean?
This means that whenever you want to go to this logical interface, 192.168.1.1, use this physical interface address right here that we have configured on the hub. So we are going to use that interface address to get to this logical interface. So to get to this tunnel, we're going to use that interface. Okay? Enter. After we do that, we need to tell it the ip nhrp map multicast, right? With ip nhrp map multicast we are saying that if we have a multicast packet, we will send it to the NBMA address of the hub, which is this one over here. So the NBMA address is this one right here. So if we get a multicast, send it to this NBMA address.
That's what I'm telling it. And multicast is for EIGRP. So whenever we have an EIGRP packet, we are going to send it to the hub's NBMA address. Okay, enter. Now we're going to configure the ip nhrp network-id; we're going to set it to 1. Then we need to tell the spoke where the hub is. The way we do that is with ip nhrp nhs, and we are going to tell it where the hub is. To do that, we use the IP address of the hub's tunnel, right? What's going to happen is that whenever this spoke tries to reach the NHS at this logical IP address, it's going to be like, "Oh, where is this?"
Then it's going to refer to the map that we created, which is right here. And this map tells it that if you want to go to this logical address, you send it to this NBMA address over here, right? Makes sense? OK, good. After we do that, we need the tunnel source, and then the tunnel destination, and the destination is going to be the hub's NBMA address. Good. We are configuring that, and you can see that the interface has changed to up. So that's great. Now we should have a tunnel created; let's do show ip nhrp. As you can see right here, we have an entry for Tunnel 0 that was created this long ago, it never expires, and the type is static. The NBMA address is the hub's, and the tunnel address is 192.168.1.1. So this one was statically configured, as you can see right here.
But now if we go to the hub, we should have an entry there too, because the spoke talked to the hub, and between this spoke and the hub they created a tunnel, so on the hub we should see that the type is dynamic. Okay? If we do show ip nhrp, there we go. As you can see right here, we have an entry for 192.168.1.2. That's the logical IP address of the spoke's tunnel. We created this dynamically because we did not create a map, this map right here. When you create this map, that means it was statically configured, but the hub did not configure it statically; it learned it dynamically because the spoke is configured to talk to the hub, right? And as you can see right here in the NBMA address column, to reach this tunnel address you need to reach it at spoke 2's physical address. Okay? And we did not configure that over here. We did not configure that map over here. As you can see, it was dynamically learned.
Okay, good. So we finished spoke 2. Now let's go and configure spoke 1. You're going to have a tunnel 0. Actually, I said this is spoke 3. This router is going to have an IP address of 192.168.1.3. And actually, I forgot to configure something on spoke 2: we need to configure router eigrp and add the network of the loopback address. Then you can see that we have created a new adjacency on Tunnel 0, and the neighbour is in the up state. So we created an EIGRP adjacency with 192.168.1.1, which is the hub, on Tunnel 0. And the hub has made one with this one, which is spoke 2. Good. Let us now proceed to configure spoke 3. I assigned this IP address.
Now what we need is to configure authentication: ip nhrp authentication cisco. We're going to create that ip nhrp map, and the map is going to say that if you want to reach this logical destination, which is the hub, send it to the hub's NBMA address. Okay. Then ip nhrp map multicast, sending multicast to the hub's NBMA address. Okay, good.
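The hub and spoke configuration walked through above, collected in one place as an added example (not the instructor's own lab file): the tunnel addresses 192.168.1.x, the EIGRP AS 1, the network-id 1 and the authentication string follow the lab, while the NBMA addresses 203.0.113.x, the loopback networks 10.0.x.0/24 and the interface names are assumptions.

```cisco
! ===== HUB =====
! Tunnel0 is the logical (overlay) interface; GigabitEthernet0/0 carries the NBMA address.
hostname HUB
interface Loopback0
 ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 ! no ip redirects is only needed later, for phase 3
 no ip redirects
 ! let the hub re-advertise a spoke's routes back out the same tunnel interface
 no ip split-horizon eigrp 1
 ! optional; must match on every spoke and travels in NHRP packets as clear text
 ip nhrp authentication cisco
 ! replicate EIGRP multicast to each spoke as it registers, since their NBMA addresses are unknown
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 ! the default would be point-to-point GRE; the hub must be multipoint
 tunnel mode gre multipoint
router eigrp 1
 network 10.0.1.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
!
! ===== SPOKE2 (phase 1: plain point-to-point GRE to the hub) =====
hostname SPOKE2
interface Loopback0
 ip address 10.0.2.1 255.255.255.0
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.0
interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 ip nhrp authentication cisco
 ! static mapping: hub tunnel address -> hub NBMA address
 ip nhrp map 192.168.1.1 203.0.113.1
 ! EIGRP multicast goes to the hub only
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 1
 ! register with the hub as next-hop server; the hub then learns 192.168.1.2 -> 203.0.113.2 dynamically
 ip nhrp nhs 192.168.1.1
 tunnel source GigabitEthernet0/0
 ! point-to-point destination: every packet, even spoke-to-spoke, transits the hub
 tunnel destination 203.0.113.1
router eigrp 1
 network 10.0.2.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
!
! SPOKE3 is identical except for ip address 192.168.1.3 on Tunnel0 and its own
! GigabitEthernet0/0 and Loopback0 addresses (assumed 203.0.113.3 and 10.0.3.1).
!
! Verification as in the lab: "show ip nhrp" on a spoke lists one static entry for 192.168.1.1;
! on the hub it lists dynamic entries for 192.168.1.2 and 192.168.1.3, and a traceroute from
! spoke 2 to 192.168.1.3 shows 192.168.1.1 as the first hop.
! This lab carries no encryption (plain GRE); DMVPN's IPsec support is what protects these
! tunnels when they run over the Internet rather than a lab segment.
```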