分享一个自己做的DMVPN配置试验 安魂曲

来源:本站原创 VPN 超过717 views围观 0条评论

分享一个自己做的DMVPN配置试验

试验环境:
3台3640路由器,1台3640模拟的交换机,为HUB-SPOKE结构
IOS采用:c3640-jk9o3s-mz.124-10a.bin
拓扑见附件:
配置如下:
HUB: 复制内容到剪贴板代码:hostname HUB
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.16.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1
ip nhrp authentication nhrp-pwd
ip nhrp map multicast dynamic
ip nhrp network-id 1
no ip split-horizon eigrp 1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.1 255.255.255.0
full-duplex
!
router eigrp 1
network 1.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!SpokeA: 复制内容到剪贴板代码:
!hostname Spoke1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Tunnel0
ip address 192.168.16.2 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication nhrp-pwd
ip nhrp map 192.168.16.1 172.16.16.1
ip nhrp map multicast 172.16.16.1
ip nhrp network-id 1
ip nhrp nhs 192.168.16.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.2 255.255.255.0
full-duplex
!
router eigrp 1
network 2.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
endSpokeB 复制内容到剪贴板代码:hostname Spoke2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 192.168.16.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication nhrp-pwd
ip nhrp map 192.168.16.1 172.16.16.1
ip nhrp map multicast 172.16.16.1
ip nhrp network-id 1
ip nhrp nhs 192.168.16.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.3 255.255.255.0
full-duplex
!
!
router eigrp 1
network 3.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end试验目的:了解熟悉DMVPN的工作原理,以及IPSEC-ISAKMP的两阶段工作原理
测试实验结果:使用show crypto isakm sa和show crypto ipsec sa验证两阶段的现象已经显示出动态生成的SPOKEA和SPOKEB之间动态生成的隧道
[本帖最后由 安魂曲 于 2007-7-12 15:46 编辑]附件分享一个自己做的DMVPN配置试验  安魂曲 - dc31151 - 李萧明DMVPN1.jpg(24.49 KB)

2007-7-12 15:18

449234062847054681[1]

文章出自:CCIE那点事 http://www.jdccie.com/ 版权所有。本站文章除注明出处外,皆为作者原创文章,可自由引用,但请注明来源。 禁止全文转载。
本文链接:http://www.jdccie.com/?p=194转载请注明转自CCIE那点事
如果喜欢:点此订阅本站
  • 相关文章
  • 为您推荐
  • 各种观点

暂时还木有人评论,坐等沙发!
发表评论

您必须 [ 登录 ] 才能发表留言!