Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##### HUB CONFIG
- ### DEFINE IPSEC
- crypto isakmp policy 1
- encr 3des
- authentication pre-share
- crypto isakmp key sUp3rDup3rS33kr3+$ address 0.0.0.0 0.0.0.0
- crypto isakmp keepalive 10
- !
- !
- crypto ipsec transform-set ENTERPRISE esp-3des esp-sha-hmac
- mode transport
- !
- crypto ipsec profile VPN-DMVPN
- set security-association lifetime seconds 120
- set transform-set ENTERPRISE
- ### SET TUNNEL
- interface Tunnel0
- description mGRE Tunnel Endpoint
- ip address x.x.x.1 y.y.y.y
- no ip redirects
- ip mtu 1400
- ip nhrp authentication P@ssw0rd
- ip nhrp map multicast dynamic
- ip nhrp network-id 10000
- ip nhrp holdtime 600
- ip nhrp cache non-authoritative
- ip tcp adjust-mss 1360
- ip policy route-map DMVPN-Policy
- tunnel source <external interface>
- tunnel mode gre multipoint
- tunnel key 10000
- tunnel protection ipsec profile VPN-DMVPN
- ### SET ROUTING
- router eigrp 1
- network <match internal networks>
- no auto-summary
- ### POINT OUT
- ip route 0.0.0.0 0.0.0.0 <default gateway>
- ##### SPOKE CONFIG
- ### DEFINE IPSEC
- crypto isakmp policy 1
- encr 3des
- authentication pre-share
- crypto isakmp key sUp3rDup3rS33kr3+$ address 0.0.0.0 0.0.0.0
- crypto isakmp keepalive 10
- !
- !
- crypto ipsec transform-set ENTERPRISE esp-3des esp-sha-hmac
- mode transport
- !
- crypto ipsec profile VPN-DMVPN
- set security-association lifetime seconds 120
- set transform-set ENTERPRISE
- ### SET TUNNEL
- interface Tunnel0
- description Spoke 1 mGRE Tunnel Endpoint
- ip address x.x.x.n y.y.y.y
- no ip redirects
- ip nhrp authentication P@ssw0rd
- ip nhrp map x.x.x.1 <HUB PUBLIC IP>
- ip nhrp map multicast <HUB PUBLIC IP>
- ip nhrp network-id 10000
- ip nhrp holdtime 600
- ip nhrp nhs x.x.x.1
- ip tcp adjust-mss 1360
- tunnel source <external interface>
- tunnel mode gre multipoint
- tunnel key 10000
- tunnel protection ipsec profile VPN-DMVPN
- ### SET ROUTING
- router eigrp 1
- network <match internal networks>
- no auto-summary
- ### POINT OUT
- ip route 0.0.0.0 0.0.0.0 <default gateway>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement