Nerdy Drunk

Drunk on technology

User Tools

Site Tools


cisco:ios-dmvpn

Cisco IOS DMVPN

Description

When using EIGRP with classless subnets remember to disable auto summary.

Configurations

Router 101

! 
crypto keyring keyring-vpn 
  local-address 12.101.0.2
  pre-shared-key address 0.0.0.0 0.0.0.0 key tunvpnkey
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp profile isakmp-vpn
   keyring keyring-vpn
   match identity address 0.0.0.0 
   local-address 12.101.0.2
!
crypto ipsec transform-set tset-vpn esp-aes esp-sha-hmac 
!
crypto ipsec profile ipsec-profile
 set transform-set tset-vpn 
 set pfs group5
!
interface Tunnel1
 ip address 172.16.1.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 10
 ip nhrp authentication nhrpauth
 ip nhrp map multicast dynamic
 ip nhrp network-id 10101
 ip nhrp holdtime 300
 ip tcp adjust-mss 1379
 no ip split-horizon eigrp 10
 delay 1000
 tunnel source 12.101.0.2
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile ipsec-profile
!
interface FastEthernet0/0
 ip address 12.101.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.101.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router eigrp 10
 network 10.101.0.0 0.0.255.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 12.101.0.1
!
ip nat inside source route-map rmap-nat interface FastEthernet0/0 overload
!
ip access-list extended acl-nat
 permit ip 10.101.0.0 0.0.255.255 any
!
route-map rmap-nat permit 10
 match ip address acl-nat
!

Router 102

! 
crypto keyring keyring-vpn 
  local-address FastEthernet0/0
  pre-shared-key address 0.0.0.0 0.0.0.0 key tunvpnkey
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp profile isakmp-vpn
   keyring keyring-vpn
   match identity address 0.0.0.0 
   local-address FastEthernet0/0
!
crypto ipsec transform-set tset-vpn esp-aes esp-sha-hmac 
!
crypto ipsec profile ipsec-profile
 set transform-set tset-vpn 
 set pfs group5
!
interface Tunnel1
 ip address 172.16.1.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication nhrpauth
 ip nhrp map 172.16.1.1 12.101.0.2
 ip nhrp map multicast 12.101.0.2
 ip nhrp network-id 10101
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.1.1
 ip tcp adjust-mss 1379
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile ipsec-profile
!
interface FastEthernet0/0
 ip address 12.102.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.102.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router eigrp 10
 network 10.102.0.0 0.0.255.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 12.102.0.1
!
ip nat inside source route-map rmap-nat interface FastEthernet0/0 overload
!
ip access-list extended acl-nat
 permit ip 10.102.0.0 0.0.255.255 any
!
route-map rmap-nat permit 10
 match ip address acl-nat
!

Router 103

! 
crypto keyring keyring-vpn 
  local-address FastEthernet0/0
  pre-shared-key address 0.0.0.0 0.0.0.0 key tunvpnkey
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp profile isakmp-vpn
   keyring keyring-vpn
   match identity address 0.0.0.0 
   local-address FastEthernet0/0
!
crypto ipsec transform-set tset-vpn esp-aes esp-sha-hmac 
!
crypto ipsec profile ipsec-profile
 set transform-set tset-vpn 
 set pfs group5
!
interface Tunnel1
 ip address 172.16.1.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication nhrpauth
 ip nhrp map 172.16.1.1 12.101.0.2
 ip nhrp map multicast 12.101.0.2
 ip nhrp network-id 10101
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.1.1
 ip tcp adjust-mss 1379
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile ipsec-profile
!
interface FastEthernet0/0
 ip address 12.103.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.103.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router eigrp 10
 network 10.103.0.0 0.0.255.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 12.103.0.1
!
ip nat inside source route-map rmap-nat interface FastEthernet0/0 overload
!
ip access-list extended acl-nat
 permit ip 10.103.0.0 0.0.255.255 any
!
route-map rmap-nat permit 10
 match ip address acl-nat
!

Router 104

! 
crypto keyring keyring-vpn 
  local-address FastEthernet0/0
  pre-shared-key address 0.0.0.0 0.0.0.0 key tunvpnkey
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp profile isakmp-vpn
   keyring keyring-vpn
   match identity address 0.0.0.0 
   local-address FastEthernet0/0
!
crypto ipsec transform-set tset-vpn esp-aes esp-sha-hmac 
!
crypto ipsec profile ipsec-profile
 set transform-set tset-vpn 
 set pfs group5
!
interface Tunnel1
 ip address 172.16.1.4 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication nhrpauth
 ip nhrp map 172.16.1.1 12.101.0.2
 ip nhrp map multicast 12.101.0.2
 ip nhrp network-id 10101
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.1.1
 ip tcp adjust-mss 1379
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile ipsec-profile
!
interface FastEthernet0/0
 ip address 12.104.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.104.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router eigrp 10
 network 10.104.0.0 0.0.255.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 12.104.0.1
!
ip nat inside source route-map rmap-nat interface FastEthernet0/0 overload
!
ip access-list extended acl-nat
 permit ip 10.104.0.0 0.0.255.255 any
!
route-map rmap-nat permit 10
 match ip address acl-nat
!

Router 105

! 
crypto keyring keyring-vpn 
  local-address FastEthernet0/0
  pre-shared-key address 0.0.0.0 0.0.0.0 key tunvpnkey
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp profile isakmp-vpn
   keyring keyring-vpn
   match identity address 0.0.0.0 
   local-address FastEthernet0/0
!
crypto ipsec transform-set tset-vpn esp-aes esp-sha-hmac 
!
crypto ipsec profile ipsec-profile
 set transform-set tset-vpn 
 set pfs group5
!
interface Tunnel1
 ip address 172.16.1.5 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication nhrpauth
 ip nhrp map 172.16.1.1 12.101.0.2
 ip nhrp map multicast 12.101.0.2
 ip nhrp network-id 10101
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.1.1
 ip tcp adjust-mss 1379
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile ipsec-profile
!
interface FastEthernet0/0
 ip address 12.105.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.105.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
router eigrp 10
 network 10.105.0.0 0.0.255.255
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 12.105.0.1
!
ip nat inside source route-map rmap-nat interface FastEthernet0/0 overload
!
ip access-list extended acl-nat
 permit ip 10.105.0.0 0.0.255.255 any
!
route-map rmap-nat permit 10
 match ip address acl-nat
!

Public

!
interface FastEthernet0/0
 ip address 12.101.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 12.102.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 12.103.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip address 12.104.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet3/0
 ip address 12.105.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet4/0
 ip address 12.106.0.1 255.255.255.252
 duplex auto
 speed auto
!
cisco/ios-dmvpn.txt · Last modified: 2022/07/21 10:41 by 127.0.0.1