DMVPN configuration

2023-01-16   ES  

## Case configuration requirements

  1. The IP addresses of the links between the devices are shown in the figure;
  2. Configure DMVPN according to the topology;
  3. The tunnel addresses use 172.16.1.0/24;
  4. R3 is the center; R1 and R2 are branches.

Router#conf ter
Router(config)#hostname R3
R3(config)#int fa0/0
R3(config-if)#ip add 101.1.1.3 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int lo 0
R3(config-if)#ip add 192.168.3.1 255.255.255.0

Router#conf ter
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip add 101.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int lo 0
R1(config-if)#ip add 192.168.1.1 255.255.255.0

Router#conf ter
Router(config)#hostname R2
R2(config)#int fa 0/0
R2(config-if)#ip add 101.1.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int lo 0
R2(config-if)#ip add 192.168.2.1 255.255.255.0

R3(config)#interface Tunnel0
R3(config-if)#ip address 172.16.1.3 255.255.255.0  
R3(config-if)#tunnel source FastEthernet0/0
R3(config-if)#tunnel mode gre multipoint
R3(config-if)#ip nhrp network-id 10
R3(config-if)#ip nhrp authentication cisco
R3(config-if)#ip nhrp map multicast dynamic
R3(config-if)#exit

R1(config)#interface Tunnel0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel source FastEthernet0/0
R1(config-if)#tunnel mode gre multipoint 
R1(config-if)#ip nhrp network-id 10
R1(config-if)#ip nhrp authentication cisco
R1(config-if)#ip nhrp map 172.16.1.3 101.1.1.3      
R1(config-if)#ip nhrp map multicast 101.1.1.3    
R1(config-if)#ip nhrp nhs 172.16.1.3
R1(config-if)#exit

R2(config)#interface Tunnel0
R2(config-if)#ip address 172.16.1.2 255.255.255.0
R2(config-if)#tunnel source FastEthernet0/0
R2(config-if)#tunnel mode gre multipoint 
R2(config-if)#ip nhrp network-id 10                     
R2(config-if)#ip nhrp authentication cisco
R2(config-if)#ip nhrp map 172.16.1.3 101.1.1.3
R2(config-if)#ip nhrp map multicast 101.1.1.3    
R2(config-if)#ip nhrp nhs 172.16.1.3
R2(config-if)#exit

R3(config)#router eigrp 100
R3(config-router)#network 172.16.1.0 0.0.0.255
R3(config-router)#network 192.168.3.0 
R3(config-router)#no auto-summary          

R1(config)#router eigrp 100
R1(config-router)#network 172.16.1.0 0.0.0.255
R1(config-router)#network 192.168.1.0
R1(config-router)#no auto-summary

R2(config)#router eigrp 100
R2(config-router)#network 172.16.1.0 0.0.0.255
R2(config-router)#network 192.168.2.0
R2(config-router)#no auto-summary

R1#show ip route eigrp
D    192.168.3.0/24 [90/297372416] via 172.16.1.3, 00:17:33, Tunnel0
R2#show ip route eigrp 
D    192.168.3.0/24 [90/297372416] via 172.16.1.3, 00:21:57, Tunnel0
The branches learn only the route to the center's network.



R3(config)#interface Tunnel0
R3(config-if)#no ip split-horizon eigrp 100 // Disable split horizon


R1#show ip route eigrp // Next hop is not optimal (via the center)
D    192.168.2.0/24 [90/310172416] via 172.16.1.3, 00:00:11, Tunnel0
D    192.168.3.0/24 [90/297372416] via 172.16.1.3, 00:19:36, Tunnel0


R3(config-if)#no ip next-hop-self eigrp 100 // Optimize the next hop

R1#show ip route eigrp // Next hop optimized
D    192.168.2.0/24 [90/310172416] via 172.16.1.2, 00:00:06, Tunnel0
D    192.168.3.0/24 [90/297372416] via 172.16.1.3, 00:00:05, Tunnel0

GRE over IPsec configuration on R1/R2/R3

R(config)#crypto isakmp policy 10
R(config-isakmp)#authentication pre-share
R(config-isakmp)#crypto isakmp key cisco address 0.0.0.0 0.0.0.0
R(config)#crypto ipsec transform-set cisco esp-des esp-md5-hmac
R(cfg-crypto-trans)#mode transport
R(cfg-crypto-trans)#crypto ipsec profile ipsecprof
R(ipsec-profile)#set transform-set cisco
R(ipsec-profile)#interface Tunnel0
R(config-if)#tunnel protection ipsec profile ipsecprof

R3#show ip nhrp 
172.16.1.1/32 via 172.16.1.1, Tunnel0 created 00:37:13, expire 01:55:54
  Type: dynamic, Flags: unique registered 
  NBMA address: 101.1.1.1 
172.16.1.2/32 via 172.16.1.2, Tunnel0 created 00:35:44, expire 01:56:05
  Type: dynamic, Flags: unique registered 
  NBMA address: 101.1.1.2 

R1#show ip nhrp 
172.16.1.3/32 via 172.16.1.3, Tunnel0 created 00:41:14, never expire 
  Type: static, Flags: used 
  NBMA address: 101.1.1.3 

R2#show ip nhrp 
172.16.1.3/32 via 172.16.1.3, Tunnel0 created 00:40:10, never expire 
  Type: static, Flags: used 
  NBMA address: 101.1.1.3 

R3#show crypto ipsec sa 

interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 101.1.1.3

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (101.1.1.3/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (101.1.1.1/255.255.255.255/47/0)
   current_peer 101.1.1.1 port 500
     PERMIT, flags={
    origin_is_acl,}
    #pkts encaps: 104, #pkts encrypt: 104, #pkts digest: 104
    #pkts decaps: 104, #pkts decrypt: 104, #pkts verify: 104
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 2, #recv errors 0

     local crypto endpt.: 101.1.1.3, remote crypto endpt.: 101.1.1.1
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0xEC38B8F5(3963140341)

     inbound esp sas:
      spi: 0xEB9440F2(3952361714)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 1, flow_id: SW:1, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4384091/3143)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xEC38B8F5(3963140341)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 2, flow_id: SW:2, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4384091/3143)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (101.1.1.3/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (101.1.1.2/255.255.255.255/47/0)
   current_peer 101.1.1.2 port 500
     PERMIT, flags={
    origin_is_acl,}
    #pkts encaps: 104, #pkts encrypt: 104, #pkts digest: 104
    #pkts decaps: 104, #pkts decrypt: 104, #pkts verify: 104
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 5, #recv errors 0

     local crypto endpt.: 101.1.1.3, remote crypto endpt.: 101.1.1.2
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0xC7DAF57B(3353015675)

     inbound esp sas:
      spi: 0x87F4A893(2280958099)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 3, flow_id: SW:3, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4546368/3154)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xC7DAF57B(3353015675)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 4, flow_id: SW:4, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4546368/3154)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

R1#show crypto ipsec sa 

interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 101.1.1.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (101.1.1.1/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (101.1.1.3/255.255.255.255/47/0)
   current_peer 101.1.1.3 port 500
     PERMIT, flags={
    origin_is_acl,}
    #pkts encaps: 105, #pkts encrypt: 105, #pkts digest: 105
    #pkts decaps: 105, #pkts decrypt: 105, #pkts verify: 105
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 101.1.1.1, remote crypto endpt.: 101.1.1.3
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0xEB9440F2(3952361714)

     inbound esp sas:
      spi: 0xEC38B8F5(3963140341)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 1, flow_id: SW:1, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4532417/3136)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xEB9440F2(3952361714)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 2, flow_id: SW:2, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4532417/3136)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

R2#show crypto ipsec sa 

interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 101.1.1.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (101.1.1.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (101.1.1.3/255.255.255.255/47/0)
   current_peer 101.1.1.3 port 500
     PERMIT, flags={
    origin_is_acl,}
    #pkts encaps: 106, #pkts encrypt: 106, #pkts digest: 106
    #pkts decaps: 106, #pkts decrypt: 106, #pkts verify: 106
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 101.1.1.2, remote crypto endpt.: 101.1.1.3
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0x87F4A893(2280958099)

     inbound esp sas:
      spi: 0xC7DAF57B(3353015675)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 1, flow_id: SW:1, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4385974/3142)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x87F4A893(2280958099)
        transform: esp-des esp-md5-hmac ,
        in use settings ={
    Transport, }
        conn id: 2, flow_id: SW:2, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4385974/3142)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:
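
The `show crypto ipsec sa` outputs above can be cross-checked by script; this is an added example, not part of the original post. It parses the ESP SAs per peer, confirms that one router's inbound SPI is the other's outbound SPI, and flags the negotiated `esp-des` / `esp-md5-hmac` transforms, both obsolete algorithms. The `WEAK` set and the function names are this example's own choices.

```python
import re

WEAK = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}  # treated as obsolete here

# Excerpts of the R3 and R1 outputs shown above, trimmed to the lines that are parsed.
R3_SA = """current_peer 101.1.1.1 port 500
 inbound esp sas:
  spi: 0xEB9440F2(3952361714)
   transform: esp-des esp-md5-hmac ,
 outbound esp sas:
  spi: 0xEC38B8F5(3963140341)
   transform: esp-des esp-md5-hmac ,"""
R1_SA = """current_peer 101.1.1.3 port 500
 inbound esp sas:
  spi: 0xEC38B8F5(3963140341)
   transform: esp-des esp-md5-hmac ,
 outbound esp sas:
  spi: 0xEB9440F2(3952361714)
   transform: esp-des esp-md5-hmac ,"""

def parse_sas(text):
    """Map each current_peer to its ESP SPIs (inbound/outbound) and transforms."""
    sas, peer, direction = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"current_peer (\S+)", line):
            peer, direction = m.group(1), None
            sas[peer] = {"inbound": None, "outbound": None, "transforms": set()}
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            direction = m.group(1) if m.group(2) == "esp" else None
        elif peer is None or direction is None:
            continue  # counters, summary lines, AH/PCP sections
        elif m := re.match(r"spi: (0x[0-9A-Fa-f]+)", line):
            sas[peer][direction] = int(m.group(1), 16)
        elif line.startswith("transform:"):
            sas[peer]["transforms"].update(line.split(":", 1)[1].replace(",", " ").split())
    return sas

def audit_pair(a_text, a_ip, b_text, b_ip):
    """Findings for the SA pair between routers A and B, using both outputs."""
    a, b = parse_sas(a_text)[b_ip], parse_sas(b_text)[a_ip]
    weak = sorted((a["transforms"] | b["transforms"]) & WEAK)
    findings = [f"weak transform: {t}" for t in weak]
    if (a["inbound"], a["outbound"]) != (b["outbound"], b["inbound"]):
        findings.append("SPI mismatch: the two outputs do not describe the same SAs")
    return findings

if __name__ == "__main__":
    print(audit_pair(R3_SA, "101.1.1.3", R1_SA, "101.1.1.1"))
```

The parser also accepts the full, untrimmed command output, including R3's two-peer listing.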

R2#ping 192.168.1.1 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/48/80 ms

R1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms


R3#sh ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     101.0.0.0/24 is subnetted, 1 subnets
C       101.1.1.0 is directly connected, FastEthernet0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Tunnel0
D    192.168.1.0/24 [90/297372416] via 172.16.1.1, 00:19:18, Tunnel0
D    192.168.2.0/24 [90/297372416] via 172.16.1.2, 00:11:45, Tunnel0
C    192.168.3.0/24 is directly connected, Loopback0
