WEBVTT 00:08.360 --> 00:11.150 We are aware. 00:16.450 --> 00:18.130 What does this term mean? 00:18.160 --> 00:18.700 We are. 00:22.300 --> 00:23.910 Virtual routing forwarding. 00:26.380 --> 00:26.650 Okay. 00:27.340 --> 00:28.750 What you're basically doing. 00:34.150 --> 00:41.560 You're dividing your outer, which is, let's say, for example, in this case, our five, you're dividing 00:41.560 --> 00:44.230 our five into instances. 00:44.260 --> 00:46.470 Do you remember contexts in failover? 00:47.290 --> 00:48.460 Security context. 00:48.490 --> 00:49.840 What did you use to do? 00:50.570 --> 00:51.890 We had one box. 00:52.280 --> 00:56.380 But once you convert it into mode multiple, this one box is not one box anymore. 00:56.390 --> 00:59.930 It becomes virtual boxes inside a big box. 01:00.830 --> 01:04.970 So when you're dealing with it, you deal with context one and context two. 01:06.490 --> 01:08.440 And then you assign interfaces to it. 01:13.830 --> 01:19.530 The thing was, whatever interfaces you assign to context to has nothing to do with what interfaces 01:19.530 --> 01:21.060 you assign to context one. 01:21.300 --> 01:25.710 There was no co relationship between the two, so completely separate. 01:26.710 --> 01:31.390 The traffic from here from C1 did not affect the traffic from C2. 01:31.750 --> 01:35.560 The same concept can be applied to routers also on routers. 01:35.560 --> 01:37.930 What you can do This is R5, for example. 01:38.680 --> 01:40.390 I could divide R5. 01:41.120 --> 01:43.070 Into two contacts. 01:45.350 --> 01:50.120 How do you differentiate between the context in one context, only one interface can be put. 01:51.830 --> 01:52.730 One interface. 01:52.760 --> 01:56.810 Or if you want to have a look at it this way, one interface cannot be put in more than one context. 01:58.310 --> 02:01.340 Or we will refer to them as we are from. 02:01.340 --> 02:05.150 Now I say you can use shared interfaces here. 02:05.150 --> 02:05.630 You cannot. 02:07.320 --> 02:07.560 Here. 02:07.560 --> 02:12.300 One should have a dedicated interface. 02:12.930 --> 02:17.070 That's what I'm going to do here is I'm going to divide our five into two. 02:19.390 --> 02:21.100 I'm going to divide our six into two. 02:23.510 --> 02:25.160 And this is done locally, by the way. 02:25.710 --> 02:26.960 We are local. 02:28.530 --> 02:29.000 All right. 02:29.000 --> 02:32.330 So what I'll do is I have one connection. 02:32.330 --> 02:33.290 I have two connections here. 02:33.290 --> 02:33.700 Right? 02:35.550 --> 02:38.160 So I basically have a connection like this. 02:41.720 --> 02:43.010 Basically something like that. 02:46.590 --> 02:50.300 I the interface pointing to R1, I'll put it in one vf. 02:51.450 --> 02:52.530 I have two interfaces here. 02:52.530 --> 02:56.790 One of them I'll give it to this VF so I have a connection full setup on the other side. 02:56.790 --> 02:57.630 I'll do the same. 02:59.500 --> 03:02.290 Let's I do this for all the zero zero links. 03:07.460 --> 03:08.150 Right now. 03:08.150 --> 03:09.530 You can call this anything. 03:09.650 --> 03:11.840 This site can be called anything. 03:12.290 --> 03:16.700 You call it site A, and this site can be called. 03:18.480 --> 03:19.890 So I'd be just a name. 03:21.670 --> 03:25.330 Why would you require first of all, the question is why would you require the RF? 03:26.110 --> 03:26.500 Right. 03:26.530 --> 03:28.630 Usually what happens is. 03:32.170 --> 03:34.510 This would be somewhat of a service provider. 03:37.170 --> 03:37.550 Our five. 03:37.650 --> 03:39.590 Our six will not be directly connected to each other. 03:39.600 --> 03:41.550 This will be somewhat of a service provider. 03:43.420 --> 03:46.690 So R5 and R6 is connected right now. 03:46.690 --> 03:48.280 These are company assets. 03:49.480 --> 03:49.930 Company. 03:49.930 --> 03:51.430 I just wanted to talk to each other. 03:51.920 --> 03:53.620 Usually you have something like this. 03:53.740 --> 03:56.320 Or one wants to communicate. 03:56.320 --> 03:56.830 To whom? 03:57.640 --> 03:59.350 These are two parts of the same company. 04:01.280 --> 04:07.400 Right Tomorrow what could happen is another company would come in to you, get a connection from you 04:07.700 --> 04:09.710 so that they can communicate to each other. 04:12.030 --> 04:13.770 Across the Mpls cloud. 04:14.250 --> 04:15.540 Now you only have one router. 04:16.050 --> 04:18.990 How do you make sure their traffic never interacts with each other? 04:19.320 --> 04:23.940 And there can be a possibility where both of them are using the same subnet on the inside? 04:25.810 --> 04:30.840 They can be a possibility that these guys address is also 1011 11.0 slash 20. 04:33.730 --> 04:35.230 How will I manage that traffic? 04:36.750 --> 04:37.530 It will be using. 04:40.410 --> 04:42.570 No, this is a private networks. 04:42.570 --> 04:44.010 Private to private communications. 04:46.930 --> 04:48.250 It's actually an Mpls town. 04:48.910 --> 04:50.560 Actually, it starts with Mpls. 04:51.160 --> 04:52.120 That's what you do. 04:52.570 --> 04:54.700 You do it in Mpls. 04:54.730 --> 04:56.470 That's the biggest place. 04:56.470 --> 04:59.760 I mean, biggest implementation of Vrfs are Mpls. 04:59.770 --> 05:00.130 That's why. 05:00.160 --> 05:01.300 That's why they were built. 05:01.600 --> 05:03.040 But the question is. 05:03.310 --> 05:03.940 All right. 05:04.270 --> 05:04.960 You're doing this. 05:04.990 --> 05:07.210 What if you wanted protection to the furthest traffic? 05:08.410 --> 05:11.440 What have you wanted to protect this traffic going from here to here? 05:11.440 --> 05:14.470 It is still going through the cloud, but it's open, right? 05:14.590 --> 05:15.310 Clear text. 05:17.020 --> 05:22.300 What problem are problems solved for you was now you have to write. 05:22.300 --> 05:27.910 If you're connecting this interface to an instance of ERF and this interface, I'm connecting to this 05:27.910 --> 05:28.990 instance of ERF. 05:29.020 --> 05:31.970 It doesn't matter if both of them are in the same subnet. 05:32.000 --> 05:36.520 IP This can be ten, 11, 11, this can be ten, 11. 05:36.520 --> 05:36.790 11. 05:37.600 --> 05:39.850 There is no correlation between the two. 05:41.590 --> 05:44.830 Similarly, these two interfaces could have the same IP. 05:44.950 --> 05:45.550 Who cares? 05:46.120 --> 05:48.730 These are not connected to the same router. 05:50.650 --> 05:52.870 Physically they are, but logically they are not. 05:53.470 --> 05:56.530 Logically, they are connected to two different instances. 05:56.740 --> 05:57.610 If we had lots of. 06:01.260 --> 06:01.930 Subinterface. 06:03.140 --> 06:03.840 Subinterface. 06:03.960 --> 06:05.670 And then put the subinterfaces in. 06:06.690 --> 06:08.610 For each of those companies. 06:09.090 --> 06:13.350 You just have to make sure one logical interface per vref at least. 06:14.760 --> 06:15.000 Right. 06:15.330 --> 06:17.580 Look, I'll do the same on the other side. 06:17.610 --> 06:19.170 Let's see how this works. 06:19.320 --> 06:21.120 Let's configure the edges first. 06:21.150 --> 06:22.140 Simple one. 06:32.400 --> 06:32.610 So. 06:36.720 --> 06:39.750 You don't have to worry about the labels and everything that will be done for you. 06:40.380 --> 06:41.730 Mpls Cloud will do it. 06:42.150 --> 06:45.930 Your job is how to apply VPN to the RF aware router. 06:46.530 --> 06:47.610 How do you use it? 06:51.800 --> 06:54.220 Will come with labels come at two point. 06:54.840 --> 06:57.220 Not where if it's just a router. 06:59.960 --> 07:00.860 Labels will be. 07:02.440 --> 07:03.370 As such. 07:05.120 --> 07:06.290 They will be here. 07:06.320 --> 07:07.310 They won't be changed. 07:08.600 --> 07:10.370 See labels will not be used by you. 07:11.260 --> 07:13.360 No Labels will be used by the cloud. 07:13.840 --> 07:21.010 The cloud after we arrive, after we arrive takes place first routing and everything will be checked. 07:21.010 --> 07:21.520 Right? 07:22.880 --> 07:26.450 After the routing Mpls don't worry about. 07:31.050 --> 07:31.860 Similar, but better. 07:40.480 --> 07:40.870 Shut. 07:42.940 --> 07:43.780 And they beat out. 07:49.050 --> 07:49.880 When it starts. 07:53.610 --> 07:54.300 R2 is done. 08:58.500 --> 08:58.770 Then. 08:58.950 --> 09:01.230 So r1, R2, r3, r4 set. 09:01.230 --> 09:02.370 I need to fix what? 09:03.860 --> 09:05.450 R5 is the one where I need to do my. 09:08.600 --> 09:08.830 Okay. 09:09.810 --> 09:12.990 First of all, the question is you need to define the VFS. 09:13.620 --> 09:14.280 Very simple. 09:14.790 --> 09:18.630 IPV, RF name it, I'll call it site A. 09:22.210 --> 09:22.810 College site. 09:23.110 --> 09:24.340 There are many options here. 09:24.340 --> 09:25.960 You don't need to learn all of those. 09:26.530 --> 09:28.120 These are used for export import. 09:28.150 --> 09:29.770 These are all used in Mpls. 09:30.310 --> 09:33.130 The one which we are doing here is the most simplest form. 09:33.130 --> 09:34.420 It's called light. 09:35.700 --> 09:37.150 You don't need to worry about these features. 09:37.150 --> 09:38.830 All you need to worry about is. 09:41.460 --> 09:45.180 A the RF is not up unless and until you give it a route distinguisher. 09:45.330 --> 09:47.580 Route distinguisher is nothing but a number. 09:49.030 --> 09:55.150 It has many different ways of applying and why we use it, where we use it that you see in Mpls in case 09:55.150 --> 09:57.550 you move to Mpls right here. 09:57.550 --> 09:59.980 In this case, all you need to do is to bring it up. 09:59.980 --> 10:00.610 To bring it up. 10:00.610 --> 10:02.830 All you need is a number here. 10:03.010 --> 10:03.580 That's it. 10:04.210 --> 10:04.930 Any number. 10:07.430 --> 10:09.920 It's used with a colon and an address. 10:11.430 --> 10:14.230 Number and a column number, colon number. 10:14.250 --> 10:15.610 Why is it used for as. 10:15.810 --> 10:18.170 It has its own boundary numbers. 10:18.180 --> 10:20.640 It uses that later if you're using it for. 10:20.670 --> 10:25.470 Because they use this for communication across across different edges. 10:25.470 --> 10:26.490 Across different. 10:26.850 --> 10:27.450 What do you call it? 10:27.450 --> 10:29.310 Sites across the cloud. 10:30.630 --> 10:33.380 They will use this number to communicate to each other. 10:33.390 --> 10:40.470 Right now for us, we just need to point it out that this is a RF and this is the D for this VR, I'll 10:40.470 --> 10:41.390 create another one. 10:41.400 --> 10:44.010 IPV, RF, I'll call it site B. 10:45.740 --> 10:48.500 Again, this is locally significant. 10:50.220 --> 10:51.360 One, two. 10:52.230 --> 10:53.730 You just have to make sure it's not the same. 10:53.730 --> 10:54.990 You could use any other number. 10:56.090 --> 10:56.390 Right. 10:56.810 --> 10:57.590 The command is show. 10:57.620 --> 10:59.960 It shows you the state right now. 10:59.990 --> 11:00.470 I have site. 11:00.470 --> 11:02.630 A site B is important. 11:02.660 --> 11:06.380 You have to specify one does not matter what as long as they are separate. 11:06.380 --> 11:08.900 It's okay as long as they don't clash. 11:09.890 --> 11:14.540 Right now, you have, what, 1.1 and one colon two. 11:14.690 --> 11:17.360 Do I have I assigned any interfaces right now? 11:17.390 --> 11:19.160 No, Let's do that. 11:20.570 --> 11:21.260 Zero zero. 11:23.850 --> 11:25.110 Uh, this is zero zero. 11:25.140 --> 11:26.010 This is zero zero. 11:26.040 --> 11:27.550 The ones facing up are zero zero. 11:27.900 --> 11:29.460 The one's facing down are zero. 11:29.490 --> 11:29.850 One's. 11:31.560 --> 11:31.950 Right. 11:32.100 --> 11:33.100 So let's do that. 11:33.140 --> 11:34.130 Interface is zero. 11:34.140 --> 11:36.120 Zero is the one pointing towards R1. 11:36.360 --> 11:37.950 And we specify an IP address. 11:37.950 --> 11:38.400 Ten, 11. 11:38.400 --> 11:39.600 11.5. 11:42.860 --> 11:43.220 Shut. 11:44.750 --> 11:50.570 Interface zero zero IP address is 15.1.1 50 6.5. 11:53.510 --> 11:53.810 Check. 11:55.200 --> 11:58.470 Right now, If you want a pink, I should be able to pink. 11:58.500 --> 11:58.890 Ten, 11. 11:58.890 --> 11:59.580 11.1. 12:01.150 --> 12:03.580 But I'm using what normal routing right now. 12:03.580 --> 12:06.700 I have not divided myself into different groups. 12:06.700 --> 12:08.770 The way you do it is the moment you put. 12:09.820 --> 12:15.580 Anything into IP forwarding site A this becomes part of. 12:19.820 --> 12:22.490 It becomes part of what that we are. 12:22.610 --> 12:24.740 So it's removed from the global routing table. 12:26.150 --> 12:28.520 It will not be in your global routing table anymore. 12:28.550 --> 12:29.750 I'll do the same thing for what? 12:29.930 --> 12:32.570 Zero zero IPV RF forwarding. 12:33.740 --> 12:34.340 Site. 12:35.120 --> 12:35.360 Okay. 12:36.840 --> 12:42.910 So serial zero zero and phase zero zero are part of side show IP interface brief. 12:42.930 --> 12:44.280 Everything has been removed. 12:45.030 --> 12:46.620 Now we configure it again. 12:46.890 --> 12:48.270 IP Address 1011. 12:48.270 --> 12:49.560 11.5. 12:54.610 --> 12:56.750 Shirt interface Serial zero zero. 12:56.770 --> 12:58.510 IP is one 51.50. 13:02.030 --> 13:03.800 I configure two interfaces, right? 13:04.070 --> 13:05.990 If I check my routing table right now. 13:08.090 --> 13:09.080 I should see something. 13:09.080 --> 13:10.100 I don't see anything. 13:10.610 --> 13:14.660 Because now you're not in the global routing table anymore. 13:15.020 --> 13:18.350 Now you're working with what VFS. 13:19.340 --> 13:23.330 Every VRF will have its own routing table, its own routing information. 13:25.210 --> 13:27.370 Right interfaces, which it has. 13:27.400 --> 13:30.530 Separately, it will not interact with the other router. 13:30.550 --> 13:32.080 How do you check that routing table? 13:32.080 --> 13:34.840 Show IP route VRF site. 13:35.110 --> 13:35.310 Okay. 13:35.590 --> 13:37.240 Show me the routing table for site. 13:40.670 --> 13:43.760 Right now, only one because cereal is down for cereal to be up. 13:43.760 --> 13:44.960 The other side should also be up. 13:51.430 --> 13:55.540 So IF00000. 13:57.130 --> 13:59.620 For one, are you can have more as many as you want. 14:00.010 --> 14:01.390 Right now I'm doing it this way. 14:02.340 --> 14:03.580 R1 connected to. 14:06.860 --> 14:08.360 Now when Vref is called. 14:08.360 --> 14:08.810 What? 14:10.350 --> 14:13.680 So R1 is connected here and C00. 14:17.430 --> 14:18.410 FA00. 14:19.930 --> 14:27.550 I'll create another one side B which I'll connect to zero one and serial zero one. 14:28.580 --> 14:28.890 Unchained. 14:29.460 --> 14:30.470 No, no, you cannot share. 14:30.650 --> 14:31.460 That's the thing. 14:33.150 --> 14:38.610 Subinterface you can with Subinterface you can, but you cannot share why I showed you this is because 14:38.610 --> 14:42.570 I want to show you that I'll have the same IP address on both these interfaces. 14:44.340 --> 14:47.400 And you'll see that it will not affect earlier it was not allowed. 14:47.400 --> 14:51.330 But since these are two different instances of the VPN, it should be allowed. 14:55.740 --> 15:00.030 So I'll go to Interface Serial zero one Interfaces of the same. 15:01.950 --> 15:02.290 Okay. 15:03.810 --> 15:05.250 IP are forwarding. 15:05.520 --> 15:10.020 I'll call this side PC01 and phase zero one. 15:12.170 --> 15:12.810 Our society. 15:13.800 --> 15:15.660 Did you check your forwarding? 15:17.650 --> 15:18.280 Type it out. 15:21.210 --> 15:22.320 Site B. 15:24.750 --> 15:25.170 Nothing. 15:25.170 --> 15:26.760 Right now I have to specify an IP. 15:30.160 --> 15:32.200 Interface for zero one IP addresses. 15:32.200 --> 15:35.800 Ten dot 3330 3.5. 15:39.720 --> 15:40.870 No shirt interface. 15:41.060 --> 15:41.530 Zero zero. 15:41.640 --> 15:42.680 I'll give it the same address. 15:42.690 --> 15:44.910 151 .56.5. 15:51.960 --> 15:52.650 Check this out. 16:12.080 --> 16:12.680 Check this out. 16:15.610 --> 16:18.940 Same IP addresses on two different interfaces. 16:18.940 --> 16:20.860 I have same IP address. 16:23.040 --> 16:23.700 Correct or not? 16:28.300 --> 16:29.260 How is it possible? 16:29.260 --> 16:30.350 Only because it's VR. 16:31.310 --> 16:36.130 If it was not aware because the routing tables are different, they don't care about each other. 16:37.460 --> 16:38.980 Side A doesn't care about side B. 16:39.290 --> 16:40.200 What would you do to make it? 16:41.410 --> 16:42.970 I put them into different verbs. 16:45.050 --> 16:46.610 No, they they're not linked. 16:46.610 --> 16:46.810 Right. 16:46.820 --> 16:47.990 These are two different characters. 16:48.830 --> 16:49.970 You see them here. 16:49.970 --> 16:54.580 But you have to understand that these are two different routers. 16:56.170 --> 16:58.670 It faces Christ interfaces. 16:58.920 --> 17:02.360 Site has these two site has. 17:05.610 --> 17:06.270 They are not linked. 17:06.300 --> 17:07.480 They will not talk to each other. 17:07.500 --> 17:08.280 These are two separate. 17:10.780 --> 17:11.140 Okay. 17:11.140 --> 17:12.160 I'll do the same thing on. 17:15.000 --> 17:15.470 I six. 17:31.940 --> 17:32.940 Same concept. 17:34.560 --> 17:35.470 IPv4. 17:35.880 --> 17:41.190 Now local the name can change, but just to avoid the confusion, I'll keep it as I think. 17:43.680 --> 17:43.890 Right. 17:45.510 --> 17:46.290 One, one. 17:47.540 --> 17:50.960 Locally significant site B. 17:53.060 --> 17:55.160 Hardy will be, let's say one, two. 17:56.440 --> 18:05.740 Interface Serial zero zero IP vrf Forwarding site A serial zero zero NFA zero zero. 18:09.450 --> 18:10.820 Zero one will be site. 18:24.510 --> 18:25.220 Tripwire. 18:27.320 --> 18:27.680 Correct. 18:29.860 --> 18:32.710 Configured 0000 is inside a. 18:34.120 --> 18:35.800 F01 is inside. 18:36.700 --> 18:42.460 Let's configure them for zero zero is IP address one 5010. 18:44.160 --> 18:44.790 22. 18:45.120 --> 18:46.590 22.6. 18:50.360 --> 18:56.210 Interface zero zero IP address is 153.1.156.6. 18:58.450 --> 18:58.680 Shut. 18:59.670 --> 19:01.920 That's the good thing is 001 is also the same. 19:04.030 --> 19:04.720 The IP is the same. 19:05.880 --> 19:07.110 Zero one is a little different. 19:07.140 --> 19:11.130 Ten .1234 4440 4.6. 19:15.770 --> 19:17.540 Skype VR interfaces. 19:21.020 --> 19:21.680 Check this out. 19:22.790 --> 19:26.120 000 is 56.601 is 56.6. 19:26.120 --> 19:26.990 Also the same. 19:27.900 --> 19:33.570 F00 1022 22.6 and 1044 44.6. 19:34.200 --> 19:34.710 Correct. 19:34.710 --> 19:36.330 Let's just verify on our four. 19:38.280 --> 19:41.850 1044 44.4 Weather outwards six. 19:43.350 --> 19:45.210 And also are to. 19:48.520 --> 19:51.310 1022 six So our six is okay. 19:53.640 --> 19:53.890 Clear. 19:54.900 --> 19:59.880 Now, the good thing that you have to understand is when you ping again, you have to ping. 19:59.910 --> 20:00.800 Using what? 20:04.220 --> 20:06.080 Because you won't be using the same routing table. 20:06.080 --> 20:08.750 You have to tell him which is the ping coming out from. 20:09.930 --> 20:16.800 Pink F and then you specify side A, then you specify the destination. 20:16.800 --> 20:22.140 This pink is coming out of the RF A and the destination is 10.11 point. 20:22.140 --> 20:22.920 11.1. 20:27.470 --> 20:29.770 Houston Live 11 one R1. 20:31.370 --> 20:32.570 Bringing one from where? 20:32.600 --> 20:33.310 Side A. 20:37.750 --> 20:39.520 Now the connection looks like this. 20:50.490 --> 20:52.560 This is how you look like this is not here anymore. 20:54.530 --> 20:55.550 You have this. 20:55.820 --> 21:02.270 151 .56.01 50 dot 150 6.0. 21:02.270 --> 21:05.000 It doesn't make a difference and these addresses are the same. 21:10.860 --> 21:11.280 Okay. 21:11.850 --> 21:14.040 Kidnapping from here to here. 21:15.770 --> 21:17.240 Should be able to ping from here to here. 21:17.390 --> 21:19.700 I should be able to ping from here to here. 21:19.730 --> 21:22.850 Let's ping from R6 is a to R2. 21:27.020 --> 21:29.120 How pink. 21:31.430 --> 21:33.470 Side since I'm bringing from side A. 21:35.850 --> 21:41.850 Saturday, 1022 22.2 to be able to go. 21:42.950 --> 21:43.280 Can. 21:44.320 --> 21:49.450 From side B, I should be able to bring home 1044 44.4. 22:08.240 --> 22:12.560 Not able to swipe interface f0 one. 22:13.360 --> 22:15.340 Showed an interface for zero one. 22:16.120 --> 22:17.940 Is part of side B, So pink. 22:18.900 --> 22:20.040 Side B. 22:21.310 --> 22:22.870 1044 44. 22:27.370 --> 22:28.330 Dancex is me. 22:29.260 --> 22:33.510 Not four is at the same. 22:35.350 --> 22:35.980 What side? 22:35.980 --> 22:36.730 A and side B? 22:39.230 --> 22:39.440 Thank. 22:43.110 --> 22:45.600 There were two different doubters. 22:45.600 --> 22:45.870 Right? 22:47.070 --> 22:48.600 Check out check this out this way. 22:49.170 --> 22:50.910 This is your actual diagram. 22:51.180 --> 22:53.400 They have nothing to do in the in between. 22:53.880 --> 22:54.130 Okay. 22:54.390 --> 22:56.970 So whatever you have here, it has nothing to do with here. 22:57.480 --> 22:58.770 There's a borderline in the middle. 22:58.800 --> 23:00.000 They will not communicate. 23:01.710 --> 23:02.450 Even if I had. 23:03.140 --> 23:03.350 Yeah. 23:03.960 --> 23:04.380 Yeah. 23:04.380 --> 23:05.130 I did it here. 23:05.130 --> 23:05.320 Right. 23:05.340 --> 23:06.270 How did it work here? 23:06.840 --> 23:08.010 Same concept will work here. 23:09.540 --> 23:10.590 That's why I read it here. 23:16.500 --> 23:17.370 How is it different? 23:18.450 --> 23:19.040 Address, right? 23:19.050 --> 23:20.430 It's an interface with an address. 23:20.430 --> 23:22.020 This is an interface with an address. 23:22.170 --> 23:23.970 Same address on the interface. 23:24.240 --> 23:26.430 You're coming from 56.5. 23:26.460 --> 23:27.930 Going to 50 6.6. 23:29.470 --> 23:30.510 Coming from Lebanon. 23:30.550 --> 23:30.840 Lebanon? 23:30.880 --> 23:31.780 Going to Lebanon. 23:31.990 --> 23:32.540 You want me? 23:32.560 --> 23:34.120 You mean this side should be 11? 23:34.120 --> 23:35.570 No, no, that cannot be possible. 23:35.620 --> 23:35.950 Cannot be. 23:36.620 --> 23:37.230 I i by. 23:38.670 --> 23:39.030 You have. 23:39.060 --> 23:39.600 These are two. 23:39.630 --> 23:41.120 Two different company sites, Right. 23:41.130 --> 23:42.720 You cannot have two sites with the same IP. 23:42.750 --> 23:43.710 Why would you do that? 23:47.000 --> 23:50.410 I mean Site 11.11 and site 11.11. 23:50.420 --> 23:51.440 Why would you do that? 23:51.530 --> 23:54.800 Side B, side A and side B will not talk to each other. 23:55.750 --> 23:57.380 This is a right. 23:57.400 --> 24:00.400 This is for a customer completely dedicated to a customer side. 24:00.400 --> 24:04.030 A side B is a different case for a different customer. 24:05.680 --> 24:07.090 And these are two separate things. 24:07.090 --> 24:09.970 If I didn't want it like that, why did I separate them? 24:10.630 --> 24:11.920 I separated them for a reason. 24:11.920 --> 24:12.100 Right? 24:12.100 --> 24:16.720 Because I didn't want them to communicate to each other End to end, you have to make sure the IP's 24:16.750 --> 24:17.230 are correct. 24:21.670 --> 24:22.990 So where was I? 24:24.550 --> 24:25.540 The pink was not happening. 24:25.540 --> 24:27.790 That's because on our four. 24:31.230 --> 24:34.440 To configure not F0 zero, but F0 one. 24:47.000 --> 24:47.630 Let's try again. 24:50.580 --> 24:51.330 Successful. 24:52.210 --> 24:59.260 So our six can communicate to both R two and R four using different VFS. 24:59.290 --> 25:00.940 I'll check it from r five also. 25:02.390 --> 25:09.100 Our five should be able to bring site B ten dot one. 25:09.780 --> 25:11.850 3330 3.3. 25:15.500 --> 25:18.800 Greg also dot one is also. 25:21.750 --> 25:22.470 Good enough. 25:24.480 --> 25:25.500 What about routing? 25:25.860 --> 25:27.870 I want routing to be in place. 25:29.520 --> 25:30.530 I'll just show you one. 25:30.540 --> 25:31.890 The other ones are simpler. 25:32.370 --> 25:33.540 I'll show you OSPF. 25:33.540 --> 25:35.280 Let's run OSPF on the whole thing. 25:36.850 --> 25:37.120 Just. 25:37.120 --> 25:38.080 Just for the fun of it. 25:39.900 --> 25:40.380 What not. 25:40.410 --> 25:40.830 What is not? 25:41.880 --> 25:42.500 Why is it? 25:44.220 --> 25:45.610 Context is supported there. 25:45.900 --> 25:47.170 No routing is not supported. 25:48.090 --> 25:48.930 When we divided. 25:49.200 --> 25:49.980 When we divided. 25:49.980 --> 25:52.460 Because usually when you divide it into context, Right. 25:52.470 --> 25:56.370 You would usually have a default route doing the rest of the job for you. 25:56.820 --> 26:03.030 Everyone will be pointing towards the firewall and you'll have a default route pointing towards here. 26:03.030 --> 26:04.440 It's supported here. 26:04.440 --> 26:04.980 It's supported. 26:05.400 --> 26:06.960 This is different than that. 26:06.960 --> 26:09.360 That provides you failover in so many different features. 26:09.360 --> 26:10.650 This doesn't do anything like that. 26:11.820 --> 26:13.290 One can be used for failover, right? 26:13.290 --> 26:14.910 One goes down, the other comes up here. 26:14.910 --> 26:16.110 You don't have anything like that. 26:17.400 --> 26:18.390 It's very simple here. 26:23.290 --> 26:29.680 Here as everything but everything as the router is getting divided. 26:29.680 --> 26:30.010 Right. 26:30.640 --> 26:31.900 The routing table is different. 26:35.090 --> 26:35.510 Right now. 26:35.510 --> 26:36.100 You can. 26:36.110 --> 26:37.970 Yes, you can. 26:37.970 --> 26:41.540 But whatever you have created, it will act as an individual router. 26:43.530 --> 26:46.870 Say we say no is is is is entirely different. 26:46.990 --> 26:48.670 Contexts are entirely different than that. 26:48.850 --> 26:52.480 When you do it there, it's mostly used for failovers. 26:52.510 --> 26:53.290 Can you divide the. 26:54.450 --> 26:56.350 Here automatically gets done. 26:56.370 --> 26:57.660 You can do it as per the. 26:59.040 --> 27:03.270 You have to understand this is not done for security context or for payload or anything like that. 27:03.600 --> 27:07.620 This is only done for Mpls so that different sites can communicate to each other. 27:07.740 --> 27:12.510 To solve that problem of ten, 11, 11 and ten, 11, 11 two guys having the same address. 27:13.290 --> 27:14.490 To solve that problem. 27:15.460 --> 27:16.270 That's why it's there. 27:17.380 --> 27:19.960 Now, if I can communicate, how do I run routing? 27:20.110 --> 27:23.590 First of all, let's run it on the edge Devices Router OSPF one. 27:23.590 --> 27:25.570 I'll go to the interface zero zero. 27:25.600 --> 27:28.240 I say IP, OSPF one, Area zero. 27:30.060 --> 27:30.360 Okay. 27:31.440 --> 27:31.860 Good enough. 27:32.910 --> 27:34.890 I'll go to LA to do the same thing. 27:35.080 --> 27:37.710 Interface F00. 27:37.740 --> 27:39.750 IP OSPF one area. 27:42.280 --> 27:42.660 R3. 27:47.560 --> 27:51.190 Hypersphere one area zero r4 is F01. 27:57.550 --> 27:58.420 If I remember correctly. 28:01.830 --> 28:02.220 Okay. 28:03.410 --> 28:04.420 Interface levels. 28:05.120 --> 28:08.030 So I enabled OSPF here on all the interfaces. 28:08.630 --> 28:08.930 Correct. 28:10.010 --> 28:12.290 Now I'll go over to our five. 28:12.320 --> 28:18.150 You have to also make sure of one thing when you're doing it in VFS right side. 28:20.010 --> 28:25.140 If you use the process ID one here inside B, you cannot use one. 28:25.140 --> 28:29.790 You have to change the process ID because you don't want the two OSPF processes to communicate. 28:30.030 --> 28:31.890 That's what a process ID does, right? 28:31.920 --> 28:35.340 Make sure that two OSPF processes don't communicate to each other. 28:37.290 --> 28:40.560 If you're doing that, you need to make sure that the other process ID is also different. 28:42.600 --> 28:43.080 That's it. 28:43.080 --> 28:44.400 Everything else is the same. 28:44.970 --> 28:52.220 So what I'll do is since since this side is also area zero and this side is also area zero, does it 28:52.260 --> 28:55.500 make a difference to me if I use that or this? 28:55.620 --> 28:56.850 So I'll go to R5. 29:02.270 --> 29:06.140 I'll say interface for zero zero IP. 29:06.170 --> 29:08.420 First of all, I have to do my router. 29:08.420 --> 29:12.470 OSPF one I have to tell him router OSPF one is in which VRF. 29:14.080 --> 29:14.440 Side. 29:14.530 --> 29:14.740 A. 29:16.280 --> 29:17.090 Router. 29:17.120 --> 29:20.260 OSPF two is in which the RF side. 29:23.070 --> 29:30.900 Then I go to the interfaces interface fast Ethernet zero zero IP, OSPF one Area zero. 29:32.900 --> 29:42.650 Interface Serial zero zero IP OSPF one Area for zero one IP OSPF two Area zero. 29:44.800 --> 29:47.680 Positive zero one IP OSPF to area. 29:51.380 --> 30:01.210 Today, the same thing will be repeated where again from the beginning router OSPF one is in VRF site 30:01.250 --> 30:01.520 A. 30:02.950 --> 30:03.520 Router. 30:03.520 --> 30:07.630 OSPF two is in VRF site. 30:10.890 --> 30:17.550 Interface serial zero zero is IP OSPF one area zero interface zero zero Same. 30:19.560 --> 30:23.030 Zero one is you just change what the process. 30:31.500 --> 30:31.860 Correct. 30:32.610 --> 30:38.190 So now if you check show, IP, OSPF, Neighbors, you have four neighbors. 30:40.900 --> 30:41.890 For neighbors. 30:42.160 --> 30:44.950 One, two, three, four. 30:46.130 --> 30:48.500 Three and four are side by side on the other side. 30:49.880 --> 30:52.540 If you check the address, will be the same for this neighbor. 30:52.550 --> 30:54.350 56.5 50 6.5. 30:57.000 --> 30:57.140 Good. 30:59.270 --> 31:01.400 Show IP route will be still empty. 31:02.180 --> 31:03.380 Show IP route. 31:03.410 --> 31:04.850 VRF site A. 31:06.290 --> 31:07.430 Venture out for sight. 31:07.730 --> 31:09.020 You have learned a new route. 31:09.050 --> 31:09.800 What is that? 31:12.740 --> 31:15.970 11, six, 11, ten, 11 from the other side. 31:16.030 --> 31:18.490 Similarly, R5 will have learned about. 31:21.030 --> 31:21.270 Today. 31:26.610 --> 31:27.690 Ten 2222. 31:34.420 --> 31:35.440 How is it together? 31:39.200 --> 31:42.200 Us shows you what neighbors because process is right. 31:42.440 --> 31:44.420 They are separated by process IDs. 31:45.470 --> 31:48.610 Boys we have separates them on its own self by process. 31:48.620 --> 31:50.750 One process it belongs to one or the other process. 31:50.750 --> 31:55.220 It belongs to Every different protocol that you see now will have their own implementation of VRM, 31:55.820 --> 31:56.300 but they won't. 31:58.660 --> 31:59.250 Just let me. 31:59.440 --> 31:59.540 It. 31:59.970 --> 32:00.250 Yes. 32:02.660 --> 32:04.680 Also, Vref is a local thing. 32:06.330 --> 32:07.650 Yadav is local on route. 32:07.770 --> 32:09.570 It does not affect the other routes. 32:10.960 --> 32:15.040 It's completely local, so R1 has no idea what R5 is doing. 32:15.490 --> 32:19.840 From our perspective, it's just connected to R5 and R5 addresses. 32:19.840 --> 32:22.060 Ten, 11, 11.5. 32:22.090 --> 32:24.250 Similarly for R3, it's connected to R5. 32:24.280 --> 32:27.970 The address is 1033 33.5. 32:28.000 --> 32:30.610 It doesn't know that R5 is actually two routers. 32:32.210 --> 32:33.590 They're using different instances. 32:33.590 --> 32:34.580 He doesn't know that. 32:34.580 --> 32:37.490 The endpoints don't know that they're connected directly to him. 32:37.490 --> 32:44.300 Then R5's job is to connect and create two instances and then move those instances across, basically 32:44.300 --> 32:46.130 move packets based on those instances. 32:47.830 --> 32:48.700 Right local. 32:50.110 --> 32:52.210 It has nothing to do with the neighbor. 32:52.210 --> 32:56.740 If he's using RF If hes not using RF is not worry about that. 32:58.640 --> 32:59.300 Clear, right. 32:59.810 --> 33:04.670 Let's set a pink from R1 to R, 3 or 3. 33:05.690 --> 33:06.500 I want to add two. 33:10.790 --> 33:12.380 I can bring from R1 to R2. 33:16.110 --> 33:17.250 This is the other interface. 33:17.250 --> 33:18.810 So let me ping from R3 for. 33:23.520 --> 33:24.270 It's a normal thing. 33:24.630 --> 33:25.410 There's no difference. 33:27.920 --> 33:28.670 No difference at all. 33:30.370 --> 33:31.210 Nothing changes. 33:32.150 --> 33:34.270 Yeah, it has nothing to do with anything else. 33:34.440 --> 33:35.440 Doesn't change the packet. 33:35.440 --> 33:36.620 Doesn't do anything to the packet. 33:36.640 --> 33:37.330 It just. 33:37.330 --> 33:40.080 Yeah, it just separates the two routing instances. 33:40.090 --> 33:44.620 If he gets a packet from one routing instance, he will only forward it from that instance. 33:44.620 --> 33:46.200 He will not move to the other instance. 33:46.210 --> 33:46.960 That's what he does. 33:47.020 --> 33:49.840 Basically what you're doing is you're linking interfaces together. 33:49.840 --> 33:52.210 So F00 and F00 are linked. 33:52.420 --> 33:56.770 If a packet is coming from F00, it will not leak out from F01 or F01. 33:56.770 --> 33:58.450 It will always go out from f zero. 33:59.210 --> 33:59.590 You so. 34:03.940 --> 34:05.590 Single autonomous system for. 34:07.190 --> 34:07.940 Without us. 34:07.940 --> 34:10.850 It is possible in BGP, BGP call it. 34:12.560 --> 34:13.010 Yes. 34:13.160 --> 34:14.060 There we use it. 34:15.580 --> 34:15.850 Right. 34:17.080 --> 34:18.820 We have something called address family. 34:18.850 --> 34:20.680 We can divide it there also. 34:22.740 --> 34:26.520 Otherwise, yes, you'll have to send out R and D from both sides to do that. 34:30.980 --> 34:31.340 Correct. 34:31.580 --> 34:32.920 My job was not to do this. 34:32.930 --> 34:34.070 My job was to. 34:35.340 --> 34:37.380 Create the tunnel protection is there. 34:37.860 --> 34:39.630 Traffic is going through now. 34:39.630 --> 34:42.360 I want to do what protect it from. 34:44.680 --> 34:46.120 R5 to R6. 34:46.120 --> 34:48.430 I'll create the tunnel directly connected, but who cares? 34:49.000 --> 34:50.620 I'll create the tunnel between the two. 34:51.930 --> 34:53.550 Between R5 and R6. 34:55.680 --> 34:57.480 The map is the only thing that works. 35:01.210 --> 35:02.830 Who doesn't support routing protocols. 35:03.040 --> 35:04.540 I just ran routing protocols. 35:05.200 --> 35:07.930 I'm not running crypto maps for routing protocols. 35:09.280 --> 35:10.270 I'm not going to do that. 35:10.270 --> 35:11.680 I'm going to do a normal one. 35:12.100 --> 35:16.870 Traffic coming from ten, 11, 11 to 1022 will be encapsulated just like before. 35:18.350 --> 35:19.150 Just like before. 35:19.160 --> 35:21.050 That has nothing to do with the routing protocol. 35:22.920 --> 35:25.580 Then it will be like which interesting traffic is going through. 35:26.970 --> 35:28.310 Routing doesn't go through the tunnel. 35:28.320 --> 35:29.470 That's a different story. 35:29.490 --> 35:30.900 This is routing on public. 35:30.900 --> 35:32.670 He knows the public addresses through the routing. 35:34.170 --> 35:35.430 Right now. 35:35.430 --> 35:37.080 Let's try on our five. 35:38.050 --> 35:39.250 The difference. 35:39.760 --> 35:40.900 Let's see the differences. 35:41.660 --> 35:41.910 Right. 35:42.360 --> 35:44.800 First of all, do you remember the IPS here? 35:45.390 --> 35:47.790 151 dot 50 6.5. 35:47.820 --> 35:49.870 This is 151 dot 50 6.5. 35:49.890 --> 35:53.070 Also, just to avoid any confusion, let me see if I can ping. 35:54.780 --> 35:59.250 I should be able to, obviously, because I'm able to communicate side to side, but still, just to 35:59.250 --> 36:00.060 show you that. 36:01.180 --> 36:05.770 This can be to address dot six and this would be dot six. 36:06.980 --> 36:10.430 Two different sites, although that one is going from 0 to 0. 36:10.460 --> 36:11.840 This is going from zero one. 36:13.850 --> 36:16.670 Okay, Because now I'm going to be using my set command. 36:16.850 --> 36:18.650 I don't want you to confuse yourself there. 36:20.950 --> 36:22.090 This one we already know. 36:34.780 --> 36:36.520 I will not specify my key right now. 36:49.590 --> 36:50.550 Access list. 36:51.690 --> 36:52.230 101. 36:52.230 --> 36:55.890 Permit traffic coming from 1011. 36:55.900 --> 36:56.880 11.0. 37:04.040 --> 37:07.430 Excuse me, I'm going to ten 2220 2.0. 37:10.370 --> 37:11.540 Crypto map. 37:11.990 --> 37:13.550 I call it I map one. 37:15.890 --> 37:16.400 IPCC. 37:17.560 --> 37:19.480 As you can see here. 37:19.490 --> 37:20.260 Who's my other peer? 37:21.750 --> 37:22.500 Devin started. 37:23.160 --> 37:25.680 Onefifty .1.56.6. 37:27.720 --> 37:29.220 Correct set. 37:30.690 --> 37:32.700 Transform set to set. 37:34.630 --> 37:36.610 Match address. 37:38.750 --> 37:39.740 This is what I used to do. 37:40.520 --> 37:41.720 The only thing missing here is. 37:41.720 --> 37:42.170 What? 37:45.270 --> 37:45.950 We have to do that. 37:47.510 --> 37:48.730 That's that's what I'm saying, Right? 37:48.740 --> 37:50.510 We are missing something now. 37:50.510 --> 37:50.950 Right now. 37:50.960 --> 37:56.510 See, this part will not cause a problem because I'll be applying the crypto map to the interface. 37:56.510 --> 38:01.420 Whichever interface the VRF belongs to, it will only be applied to that urf. 38:01.820 --> 38:02.360 Correct. 38:02.570 --> 38:06.260 That wouldn't be a problem because interfaces are already in VFS. 38:06.650 --> 38:09.770 The only problem would be when you're sending the key. 38:09.800 --> 38:10.460 Remember the key. 38:10.490 --> 38:11.870 Where is the key taken from? 38:15.160 --> 38:16.690 From the local router. 38:17.770 --> 38:18.850 From the local router. 38:18.850 --> 38:19.270 Right. 38:19.390 --> 38:23.140 At that time, he doesn't know which key to use if you use your normal here. 38:23.290 --> 38:27.040 Address Crypto ice cap key. 38:27.070 --> 38:28.780 Cisco address. 38:29.720 --> 38:31.970 150 1.5 56.6. 38:32.450 --> 38:36.140 It wouldn't be able to take this because this belongs to the global table. 38:36.660 --> 38:42.720 They said if you do it this way, you will have to find out a way to put the key in the VRF. 38:44.630 --> 38:48.050 Which is done using the command crypto. 38:49.880 --> 38:50.300 Keating. 38:51.760 --> 38:54.730 And you specify the name of the keyring, I'll call it CR one. 39:01.260 --> 39:04.660 Remember Ik v2 we had v2 keyring, right? 39:05.050 --> 39:08.300 Isaac Camp also has a keyring, but until now we never used it. 39:08.330 --> 39:09.800 Now we will use it. 39:09.920 --> 39:12.500 KeyRing R1 Which VR app does this belong to? 39:13.220 --> 39:14.270 Let's say site A. 39:17.250 --> 39:17.970 Pre-shared key. 39:19.240 --> 39:20.350 Address will be. 39:20.350 --> 39:24.610 151 .56.6 and the key will be what? 39:28.860 --> 39:29.880 To specify the key. 39:30.720 --> 39:33.060 Okay, So what you're saying is. 39:35.360 --> 39:36.700 Crypto ice cap. 39:36.710 --> 39:37.430 No, not crypto. 39:37.430 --> 39:38.710 Ice Crypto keyring. 39:39.660 --> 39:39.970 Here. 39:39.990 --> 39:41.160 One is in which we are. 39:42.980 --> 39:45.200 Site here Sipri. 39:46.780 --> 39:47.350 She said. 39:48.490 --> 39:52.210 He addressed basically the next half. 39:52.240 --> 39:56.710 150 .1.56.6 and the key is Cisco. 39:59.090 --> 39:59.510 Okay. 40:00.880 --> 40:01.330 Copy it. 40:04.620 --> 40:05.280 Applied to. 40:07.690 --> 40:09.160 If you have only one. 40:10.270 --> 40:11.890 If you have only one, it's okay. 40:12.250 --> 40:16.750 But if you have more than one sites say you have site B Also, you have to be careful. 40:17.900 --> 40:23.150 Because then how will you tell him which belongs to which instance? 40:25.600 --> 40:30.820 Not IPsec profile will now also make another if you have one is okay it will work. 40:30.820 --> 40:31.360 Without that. 40:32.350 --> 40:34.480 If you have more than one, it's better. 40:34.480 --> 40:40.570 It might still work without it, but it's better if you create a crypto cam profile. 40:41.890 --> 40:42.870 I'll call it Ik. 40:43.060 --> 40:43.690 Prof. 40:43.840 --> 40:44.470 Prof. 40:44.470 --> 40:44.830 One. 40:47.840 --> 40:51.310 Then we do that and check out the first statement it gives me. 40:52.340 --> 40:53.650 So I'll help you configure it. 40:53.680 --> 40:57.640 It says it is deemed incomplete unless you specify the identity address. 40:57.670 --> 40:59.590 Match identity address. 40:59.590 --> 41:01.720 What is the identity address on the other side? 41:01.990 --> 41:03.160 56.6. 41:03.190 --> 41:05.740 You also here have to specify the VRF. 41:12.120 --> 41:16.370 Then what is the key thing that I'm going to be using for this ICC profile? 41:16.870 --> 41:19.980 CR one And what does this belong to? 41:22.730 --> 41:23.130 It's like. 41:24.180 --> 41:26.160 Where do you think I'll call this profile? 41:29.030 --> 41:30.380 So you have the map. 41:31.730 --> 41:33.610 I map 110. 41:36.390 --> 41:38.100 IPsec Isakmp. 41:38.100 --> 41:38.310 Here. 41:38.310 --> 41:38.610 I set. 41:38.640 --> 41:38.850 Set. 41:38.880 --> 41:40.020 Transform, set and everything. 41:40.020 --> 41:40.390 Right. 41:40.470 --> 41:43.200 I will also say set Isakmp profile. 41:46.750 --> 41:47.470 I named it something. 41:51.030 --> 41:51.770 I brought one. 42:02.890 --> 42:03.880 Did you understand what I did? 42:14.850 --> 42:15.340 Is everything. 42:16.030 --> 42:16.930 So I didn't paste it. 42:17.920 --> 42:19.000 I just did it here. 42:29.060 --> 42:29.640 So done. 42:29.690 --> 42:30.530 Section three. 42:32.900 --> 42:34.670 Always the same at five, right? 42:35.270 --> 42:35.720 Ten, 11. 42:35.720 --> 42:36.410 11, zero. 42:37.840 --> 42:38.860 This is what I did. 42:39.940 --> 42:43.130 56.6 is the other guy which I want to create my tunnel with. 42:43.150 --> 42:45.520 So my key should be sent to 56.6. 42:45.550 --> 42:47.050 If it's only one, it's okay. 42:47.050 --> 42:47.770 If you have more than one. 42:47.870 --> 42:51.100 You also need to create a profile in the profile. 42:51.100 --> 42:58.060 You say this profile is for site A, The key ring is CR one, where you key is obviously the Cisco, 42:58.060 --> 43:01.900 and then your match identity address is the address on the other side plus his. 43:04.950 --> 43:05.820 You bind it. 43:05.820 --> 43:06.090 Where? 43:06.090 --> 43:08.210 In imap Suicide. 43:08.220 --> 43:09.780 I profile I. 43:10.200 --> 43:11.560 That's all you have to do. 43:11.610 --> 43:16.050 Then go to interface zero zero crypto map iMap one. 43:20.350 --> 43:21.190 Again here. 43:23.470 --> 43:26.010 Crypto icecap profile. 43:26.240 --> 43:26.550 I. 43:29.970 --> 43:31.480 Like Prof. 43:31.660 --> 43:32.010 One. 43:34.040 --> 43:37.550 I said match identity. 43:38.650 --> 43:43.060 Address is one 51.50 6.6 Vref is. 43:45.540 --> 43:45.690 It. 43:47.040 --> 43:48.090 Then I also say kidding. 43:50.400 --> 43:50.910 Is. 43:52.380 --> 43:55.350 And the IRS is. 43:58.310 --> 43:58.820 Bind it. 43:58.820 --> 43:59.030 Where? 43:59.030 --> 43:59.630 In the map. 44:01.560 --> 44:05.580 Believes a set transform that you also say set, I say can profile. 44:08.630 --> 44:09.100 Big problem. 44:10.840 --> 44:11.110 Today. 44:12.670 --> 44:14.050 This is from one side. 44:15.370 --> 44:16.390 Where do I bind it? 44:16.420 --> 44:17.470 Interface Serial. 44:19.260 --> 44:19.710 Interface. 44:19.710 --> 44:20.580 000. 44:21.180 --> 44:22.050 Crypto Map. 44:24.620 --> 44:26.120 Where do I buying this? 44:27.530 --> 44:29.600 I have one on serial zero zero. 44:29.960 --> 44:34.310 I will also need to do the same thing on the other side on R6. 44:34.310 --> 44:34.850 Right. 44:34.970 --> 44:35.810 Let's copy and see. 44:35.840 --> 44:36.130 What. 44:36.140 --> 44:37.640 What do I need to change here? 44:40.620 --> 44:41.610 Policy is the same. 44:43.650 --> 44:45.090 Address will change to five. 44:47.390 --> 44:48.440 ACL will reverse. 44:59.690 --> 45:00.350 I guess. 45:01.710 --> 45:02.250 The best. 45:04.090 --> 45:04.760 That's it. 45:04.780 --> 45:07.050 Even the application is on serial zero zero. 45:28.680 --> 45:29.040 Yeah. 45:32.550 --> 45:34.350 I'm sorry, I said that is in the second. 45:36.100 --> 45:37.280 This is in a separate line. 45:52.540 --> 45:53.080 Verify. 45:58.150 --> 45:58.600 Here it is. 45:58.600 --> 45:59.050 Okay. 45:59.590 --> 46:01.150 The address of the peer is okay. 46:01.630 --> 46:03.420 I have the same policies. 46:03.430 --> 46:06.010 Site a CR one address. 46:06.040 --> 46:06.640 Okay. 46:06.670 --> 46:07.640 Seems fine. 46:07.690 --> 46:09.850 Also applied to the interface. 46:10.240 --> 46:11.080 I have. 46:12.030 --> 46:12.630 My. 46:12.660 --> 46:14.520 I don't know which place is this standing on? 46:15.000 --> 46:17.660 This is zero one, so I'll have to monitor the other one also. 46:42.030 --> 46:42.840 000. 46:43.140 --> 46:46.950 Let's send interesting traffic from R2 to R1. 46:53.180 --> 46:53.780 Goes through. 46:55.890 --> 46:56.310 Check here. 46:59.830 --> 47:00.820 Online packets. 47:05.690 --> 47:08.510 GSP also has gone through like no difference at all. 47:09.140 --> 47:12.950 If you check your crypto IPsec, that remains the same show. 47:13.070 --> 47:18.500 Crypto IPsec will show you exactly which vrf you are protecting. 47:19.220 --> 47:23.870 This is for VRF A and then packets have gone in and gone out. 47:24.890 --> 47:26.150 And the same stuff. 47:26.150 --> 47:27.770 I don't see any difference in this one. 47:28.980 --> 47:31.320 It's not really anything difficult. 47:31.320 --> 47:33.570 It's the same thing that you have done until now. 47:34.060 --> 47:35.070 Exact same thing. 47:36.340 --> 47:39.430 You just have to make sure that the keyring and profile are applied. 47:40.280 --> 47:41.080 You can do that. 47:41.730 --> 47:42.090 That's it. 47:43.550 --> 47:44.430 It's nothing different. 47:44.450 --> 47:45.680 Everything will be done for you. 47:45.710 --> 47:46.730 Routing will be done for you. 47:47.090 --> 47:48.020 Will be done for you. 47:48.530 --> 47:51.410 Your routes will always already be there. 47:52.460 --> 47:54.050 All you have to do is apply the VPN. 47:54.080 --> 47:54.620 How? 47:54.660 --> 47:56.240 Just use the keyring and the profile. 47:56.270 --> 47:57.050 Bind them together. 48:01.340 --> 48:01.550 The. 48:02.800 --> 48:03.050 Sorry. 48:03.490 --> 48:04.240 The what? 48:06.010 --> 48:07.760 Right now, the one which I'm doing is I'm on. 48:07.780 --> 48:09.250 I'm doing it on the service provider. 48:09.250 --> 48:09.610 Yes. 48:12.230 --> 48:14.450 To end because we will not be usually home. 48:15.050 --> 48:17.840 Home based users will not use our in a company you will not use. 48:18.230 --> 48:19.070 Why would you use it? 48:19.070 --> 48:20.300 You just use two different routers. 48:22.830 --> 48:23.550 Click here. 48:24.300 --> 48:25.530 Let's do the other one. 48:28.940 --> 48:29.810 These are. 48:30.910 --> 48:32.320 Be beat out. 48:33.150 --> 48:33.760 Knock, knock. 48:34.480 --> 48:35.620 These are somewhere in the middle. 48:38.020 --> 48:39.460 After the label has gone through. 48:41.290 --> 48:42.310 What is this? 48:43.470 --> 48:44.580 Do I need the other one? 48:44.580 --> 48:44.820 Right? 48:44.820 --> 48:45.960 I need to do the other one. 48:45.990 --> 48:46.920 The other side. 48:47.280 --> 48:48.570 Do I need to change this? 48:49.170 --> 48:51.930 I need to create a new keyring though. 48:54.190 --> 48:55.420 I need to create a new keyring. 48:56.020 --> 48:58.180 I'll call it R2 for. 48:59.680 --> 49:00.670 Side B. 49:02.460 --> 49:05.940 Address is the same because the peer is the same and he is the same. 49:05.940 --> 49:07.050 So this should be okay. 49:07.740 --> 49:08.460 Transform set. 49:08.460 --> 49:09.750 I'll use the same transform set. 49:09.780 --> 49:12.300 No problems with that access list. 49:12.420 --> 49:13.510 I need to create a new. 49:16.260 --> 49:20.240 Or to permit IP going from 1033 33 zero. 49:21.920 --> 49:22.310 Going to. 49:22.310 --> 49:24.900 1044 44.0. 49:26.990 --> 49:27.380 Correct. 49:28.520 --> 49:29.630 What about the next part? 49:29.670 --> 49:30.620 Is the cam profile? 49:30.620 --> 49:31.670 I do need a new one. 49:33.450 --> 49:33.870 Right. 49:35.180 --> 49:36.110 I'll call it too. 49:36.500 --> 49:37.570 The address is the same. 49:37.580 --> 49:39.200 It's just that this is site. 49:40.950 --> 49:44.850 Side, B and K is key to the other way. 49:46.220 --> 49:46.400 Yeah. 49:48.270 --> 49:48.490 Done. 49:49.050 --> 49:49.710 Crypto map. 49:50.600 --> 49:54.430 I would require a new one because it's a different, completely different interface. 49:54.430 --> 49:56.190 So I have to apply it to a new interface. 49:56.400 --> 49:57.920 I'll call it to the pier. 49:57.930 --> 50:01.460 Address will remain the same though the set will remain the same. 50:01.470 --> 50:03.120 Ik profile becomes two. 50:03.420 --> 50:08.220 Address becomes two and the way you apply it is. 50:08.310 --> 50:10.020 Interface Serial zero one. 50:11.700 --> 50:12.740 Crypto map. 50:13.000 --> 50:13.370 Map. 50:16.430 --> 50:22.040 Okay, so let's start copying from here again, the ones which I made a change in this one. 50:24.410 --> 50:25.340 It'll be pasted. 50:28.330 --> 50:31.210 Access this 1 or 2, I would require it again. 50:33.150 --> 50:35.160 Then the other profile. 50:40.400 --> 50:40.650 Correct. 50:42.250 --> 50:42.930 You have the map. 50:46.010 --> 50:49.250 Interface Serial zero one Crypto Map iMap. 50:54.720 --> 50:56.670 Let's have a look at the changes on the other side. 51:15.190 --> 51:16.680 This becomes not five. 51:17.520 --> 51:18.170 Access list. 51:18.180 --> 51:20.550 I copied the whole thing, so I'm changing the whole thing. 51:22.140 --> 51:24.360 Access, it gets reversed. 51:28.850 --> 51:30.690 Press become dot five. 51:34.030 --> 51:35.790 I guess becomes at five. 51:36.940 --> 51:37.560 Got five. 51:37.570 --> 51:38.860 Everything else is the same. 51:39.040 --> 51:40.210 Though you apply it also. 51:41.200 --> 51:42.400 So just copy it. 51:53.530 --> 51:53.850 Correct. 52:03.250 --> 52:04.030 Copy it again. 52:07.100 --> 52:10.520 She overrides it again. 52:11.060 --> 52:13.160 Hopefully it doesn't cause a problem. 52:13.550 --> 52:15.140 Access list will be messed up though. 52:16.110 --> 52:17.460 Show access list. 52:18.040 --> 52:18.470 You know. 52:29.000 --> 52:30.530 So access. 52:32.710 --> 52:33.370 It's okay now. 52:34.850 --> 52:36.470 Let's try the first tunnel is up on. 52:46.600 --> 52:48.880 R6 needs to be pasted with the second one. 52:59.980 --> 53:02.260 Short section crypto. 53:09.850 --> 53:10.120 Okay. 53:10.120 --> 53:10.480 Right. 53:11.530 --> 53:12.710 The addresses are okay. 53:12.730 --> 53:13.800 The maps are okay. 53:13.810 --> 53:15.560 The way I've applied is also okay. 53:15.580 --> 53:21.790 So at this point, our four should be able to go to 33.3. 53:23.940 --> 53:26.790 Goes through Show Crypto IPsec. 53:28.940 --> 53:30.200 You have two essays now. 53:31.190 --> 53:35.300 One is for VF one, one is for VR to site a VR site. 53:35.780 --> 53:37.430 The packets are going through it. 53:38.770 --> 53:40.420 I don't see anything different. 53:41.050 --> 53:43.810 So the crypto IPsec. 53:45.320 --> 53:45.800 Gaps. 53:48.080 --> 53:49.040 Send more traffic. 53:51.990 --> 53:54.150 You've seen that It'll be going through the second tunnel. 53:54.420 --> 53:56.210 Send more traffic from R2. 53:57.270 --> 53:59.110 Be going from the first to. 54:02.000 --> 54:02.360 Okay. 54:02.780 --> 54:03.680 Any questions? 54:06.450 --> 54:09.270 Any questions on this and how it works? 54:11.270 --> 54:11.920 It's good, right? 54:13.620 --> 54:14.610 That's what we are. 54:15.540 --> 54:16.560 We are aware. 54:16.560 --> 54:18.380 We call this we are aware VPNs. 54:19.620 --> 54:25.770 So you have some routers with the RF enabled how to enable the VPNs, how to enable IPsec services on 54:25.770 --> 54:26.860 that router. 54:26.880 --> 54:27.600 This is how. 54:28.380 --> 54:29.600 It's nothing complicated.