Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

dmvpn

By: hellionsoldier on Jun 8th, 2012  |  syntax: None  |  size: 1.97 KB  |  views: 34  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. ##### HUB CONFIG
  2. ### DEFINE IPSEC
  3. crypto isakmp policy 1
  4.  encr 3des
  5.  authentication pre-share
  6. crypto isakmp key sUp3rDup3rS33kr3+$ address 0.0.0.0 0.0.0.0
  7. crypto isakmp keepalive 10
  8. !
  9. !
  10. crypto ipsec transform-set ENTERPRISE esp-3des esp-sha-hmac
  11.  mode transport
  12. !
  13. crypto ipsec profile VPN-DMVPN
  14.  set security-association lifetime seconds 120
  15.  set transform-set ENTERPRISE
  16.  
  17. ### SET TUNNEL
  18. interface Tunnel0
  19.  description mGRE Tunnel Endpoint
  20.  ip address x.x.x.1 y.y.y.y
  21.  no ip redirects
  22.  ip mtu 1400
  23.  ip nhrp authentication P@ssw0rd
  24.  ip nhrp map multicast dynamic
  25.  ip nhrp network-id 10000
  26.  ip nhrp holdtime 600
  27.  ip nhrp cache non-authoritative
  28.  ip tcp adjust-mss 1360
  29.  ip policy route-map DMVPN-Policy
  30.  tunnel source <external interface>
  31.  tunnel mode gre multipoint
  32.  tunnel key 10000
  33.  tunnel protection ipsec profile VPN-DMVPN
  34.  
  35. ### SET ROUTING
  36. router eigrp 1
  37.  network <match internal networks>
  38.  no auto-summary
  39.  
  40. ### POINT OUT
  41. ip route 0.0.0.0 0.0.0.0 <default gateway>
  42.  
  43.  
  44. ##### SPOKE CONFIG
  45. ### DEFINE IPSEC
  46. crypto isakmp policy 1
  47.  encr 3des
  48.  authentication pre-share
  49. crypto isakmp key sUp3rDup3rS33kr3+$ address 0.0.0.0 0.0.0.0
  50. crypto isakmp keepalive 10
  51. !
  52. !
  53. crypto ipsec transform-set ENTERPRISE esp-3des esp-sha-hmac
  54.  mode transport
  55. !
  56. crypto ipsec profile VPN-DMVPN
  57.  set security-association lifetime seconds 120
  58.  set transform-set ENTERPRISE
  59.  
  60. ### SET TUNNEL
  61. interface Tunnel0
  62.  description Spoke 1 mGRE Tunnel Endpoint
  63.  ip address x.x.x.n y.y.y.y
  64.  no ip redirects
  65.  ip nhrp authentication P@ssw0rd
  66.  ip nhrp map x.x.x.1 <HUB PUBLIC IP>
  67.  ip nhrp map multicast <HUB PUBLIC IP>
  68.  ip nhrp network-id 10000
  69.  ip nhrp holdtime 600
  70.  ip nhrp nhs x.x.x.1
  71.  ip tcp adjust-mss 1360
  72.  tunnel source <external interface>
  73.  tunnel mode gre multipoint
  74.  tunnel key 10000
  75.  tunnel protection ipsec profile VPN-DMVPN
  76.  
  77. ### SET ROUTING
  78. router eigrp 1
  79.  network <match internal networks>
  80.  no auto-summary
  81.  
  82. ### POINT OUT
  83. ip route 0.0.0.0 0.0.0.0 <default gateway>