Advertisement
hellionsoldier

dmvpn

Jun 8th, 2012
92
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.97 KB | None | 0 0
  1. ##### HUB CONFIG
  2. ### DEFINE IPSEC
  3. crypto isakmp policy 1
  4. encr 3des
  5. authentication pre-share
  6. crypto isakmp key sUp3rDup3rS33kr3+$ address 0.0.0.0 0.0.0.0
  7. crypto isakmp keepalive 10
  8. !
  9. !
  10. crypto ipsec transform-set ENTERPRISE esp-3des esp-sha-hmac
  11. mode transport
  12. !
  13. crypto ipsec profile VPN-DMVPN
  14. set security-association lifetime seconds 120
  15. set transform-set ENTERPRISE
  16.  
  17. ### SET TUNNEL
  18. interface Tunnel0
  19. description mGRE Tunnel Endpoint
  20. ip address x.x.x.1 y.y.y.y
  21. no ip redirects
  22. ip mtu 1400
  23. ip nhrp authentication P@ssw0rd
  24. ip nhrp map multicast dynamic
  25. ip nhrp network-id 10000
  26. ip nhrp holdtime 600
  27. ip nhrp cache non-authoritative
  28. ip tcp adjust-mss 1360
  29. ip policy route-map DMVPN-Policy
  30. tunnel source <external interface>
  31. tunnel mode gre multipoint
  32. tunnel key 10000
  33. tunnel protection ipsec profile VPN-DMVPN
  34.  
  35. ### SET ROUTING
  36. router eigrp 1
  37. network <match internal networks>
  38. no auto-summary
  39.  
  40. ### POINT OUT
  41. ip route 0.0.0.0 0.0.0.0 <default gateway>
  42.  
  43.  
  44. ##### SPOKE CONFIG
  45. ### DEFINE IPSEC
  46. crypto isakmp policy 1
  47. encr 3des
  48. authentication pre-share
  49. crypto isakmp key sUp3rDup3rS33kr3+$ address 0.0.0.0 0.0.0.0
  50. crypto isakmp keepalive 10
  51. !
  52. !
  53. crypto ipsec transform-set ENTERPRISE esp-3des esp-sha-hmac
  54. mode transport
  55. !
  56. crypto ipsec profile VPN-DMVPN
  57. set security-association lifetime seconds 120
  58. set transform-set ENTERPRISE
  59.  
  60. ### SET TUNNEL
  61. interface Tunnel0
  62. description Spoke 1 mGRE Tunnel Endpoint
  63. ip address x.x.x.n y.y.y.y
  64. no ip redirects
  65. ip nhrp authentication P@ssw0rd
  66. ip nhrp map x.x.x.1 <HUB PUBLIC IP>
  67. ip nhrp map multicast <HUB PUBLIC IP>
  68. ip nhrp network-id 10000
  69. ip nhrp holdtime 600
  70. ip nhrp nhs x.x.x.1
  71. ip tcp adjust-mss 1360
  72. tunnel source <external interface>
  73. tunnel mode gre multipoint
  74. tunnel key 10000
  75. tunnel protection ipsec profile VPN-DMVPN
  76.  
  77. ### SET ROUTING
  78. router eigrp 1
  79. network <match internal networks>
  80. no auto-summary
  81.  
  82. ### POINT OUT
  83. ip route 0.0.0.0 0.0.0.0 <default gateway>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement