domingo, 28 de diciembre de 2014

DMVPN VRF









    DMVPN :
Generic Routing Encapsulation GRE
Next-Hop Resolution Protocol NHRP
Dynamic routing protocols
IPsec encryption protocols

R1:
!
ip vrf voice
 rd 1:1
 route-target export 1:1
 route-target import 1:1

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto ipsec profile cisco
 set security-association lifetime seconds 120
 set transform-set strong

interface Tunnel0
 ip address 172.16.0.1 255.255.255.0 ip mtu 1440
 no ip next-hop-self eigrp 90
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 no ip split-horizon eigrp 90
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile cisco shared
end

interface Tunnel1
 ip vrf forwarding voice
 ip address 172.16.1.1 255.255.255.0 ip mtu 1440
 no ip next-hop-self eigrp 90
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 no ip split-horizon eigrp 90
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile cisco shared
end


router eigrp 90
 network 10.0.1.0 0.0.0.255
 network 172.16.0.0 0.0.0.255
 no auto-summary
 !
 address-family ipv4 vrf voice
  network 10.1.1.0 0.0.0.255
  network 172.16.1.0 0.0.0.255
  no auto-summary
  autonomous-system 90
 exit-address-family
!



verificacion:

R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incompletea
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer

Tunnel0, Type:Hub, NHRP Peers:2,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.2      172.16.0.2    UP    never D
     1      10.10.10.3      172.16.0.3    UP    never D

Tunnel1, Type:Hub, NHRP Peers:2,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.2      172.16.1.2    UP    never D
     1      10.10.10.3      172.16.1.3    UP    never D



R1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
10.10.10.1      10.10.10.3      QM_IDLE           1002    0 ACTIVE
10.10.10.1      10.10.10.2      QM_IDLE           1001    0 ACTIVE

IPv6 Crypto ISAKMP SA




Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)