РАЗРАБОТКИ РЭА   |    CISCO  ]



    DMVPN (Dynamic Multipoint VPN)

l2l


=== HUB === 
!
hostname R1
!
crypto isakmp policy 20
 authentication pre-share
crypto isakmp key isakmpkey address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TR esp-des
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set DMVPN-TR
!
interface Tunnel0
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 no ip next-hop-self eigrp 1
 ip nhrp authentication nhrppass
 ip nhrp map multicast dynamic
 ip nhrp network-id 999
 no ip split-horizon eigrp 1
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 999
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
 network 10.1.1.0 0.0.0.255
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
ip route 192.168.3.0 255.255.255.0 192.168.1.2
ip route 192.168.5.0 255.255.255.0 192.168.1.2
!

=== SPOKE 1 === 
!
hostname R3
!
crypto isakmp policy 20
 authentication pre-share
crypto isakmp key isakmpkey address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TR esp-des
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set DMVPN-TR
!
interface Tunnel0
 ip address 10.10.10.3 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication nhrppass
 ip nhrp map 10.10.10.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
 ip nhrp network-id 999
 ip nhrp nhs 10.10.10.1
 ip nhrp registration no-unique
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 999
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.1.3.3 255.255.255.0
!
router eigrp 1
 network 10.1.3.0 0.0.0.255
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
ip route 192.168.1.0 255.255.255.0 192.168.3.2
ip route 192.168.5.0 255.255.255.0 192.168.3.2
!

=== SPOKE 2 === 
!
hostname R5
!
crypto isakmp policy 20
 authentication pre-share
crypto isakmp key isakmpkey address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TR esp-des
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set DMVPN-TR
!
interface Tunnel0
 ip address 10.10.10.5 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication nhrppass
 ip nhrp map 10.10.10.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
 ip nhrp network-id 999
 ip nhrp nhs 10.10.10.1
 ip nhrp registration no-unique
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 999
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 ip address 192.168.5.5 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.1.5.5 255.255.255.0
!
router eigrp 1
 network 10.1.5.0 0.0.0.255
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
ip route 192.168.1.0 255.255.255.0 192.168.5.2
ip route 192.168.3.0 255.255.255.0 192.168.5.2
!