分享一個自己做的DMVPN配置試驗 安魂曲

來源:本站原創 VPN 超過801 views圍觀 0條評論

分享一個自己做的DMVPN配置試驗

試驗環境:
3臺3640路由器,1臺3640模擬的交換機,為HUB-SPOKE結構
IOS采用:c3640-jk9o3s-mz.124-10a.bin
拓撲見附件:
配置如下:
HUB: 復制內容到剪貼板代碼:hostname HUB
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.16.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1
ip nhrp authentication nhrp-pwd
ip nhrp map multicast dynamic
ip nhrp network-id 1
no ip split-horizon eigrp 1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.1 255.255.255.0
full-duplex
!
router eigrp 1
network 1.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!SpokeA: 復制內容到剪貼板代碼:
!hostname Spoke1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Tunnel0
ip address 192.168.16.2 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication nhrp-pwd
ip nhrp map 192.168.16.1 172.16.16.1
ip nhrp map multicast 172.16.16.1
ip nhrp network-id 1
ip nhrp nhs 192.168.16.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.2 255.255.255.0
full-duplex
!
router eigrp 1
network 2.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
endSpokeB 復制內容到剪貼板代碼:hostname Spoke2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 192.168.16.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication nhrp-pwd
ip nhrp map 192.168.16.1 172.16.16.1
ip nhrp map multicast 172.16.16.1
ip nhrp network-id 1
ip nhrp nhs 192.168.16.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.3 255.255.255.0
full-duplex
!
!
router eigrp 1
network 3.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end試驗目的:了解熟悉DMVPN的工作原理,以及IPSEC-ISAKMP的兩階段工作原理
測試實驗結果:使用show crypto isakm sa和show crypto ipsec sa驗證兩階段的現象已經顯示出動態生成的SPOKEA和SPOKEB之間動態生成的隧道
[本帖最后由 安魂曲 于 2007-7-12 15:46 編輯]附件分享一個自己做的DMVPN配置試驗  安魂曲 - dc31151 - 李蕭明DMVPN1.jpg(24.49 KB)

2007-7-12 15:18

449234062847054681[1]

文章出自:CCIE那點事 http://www.qdxgqk.live/ 版權所有。本站文章除注明出處外,皆為作者原創文章,可自由引用,但請注明來源。 禁止全文轉載。
本文鏈接:http://www.qdxgqk.live/?p=194轉載請注明轉自CCIE那點事
如果喜歡:點此訂閱本站
  • 相關文章
  • 為您推薦
  • 各種觀點
?
暫時還木有人評論,坐等沙發!
發表評論

您必須 [ 登錄 ] 才能發表留言!

?
?
萌宠夺宝游戏