miércoles, 15 de marzo de 2017

DMVPN IPSEC




SPOKE1

crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 0.0.0.0

crypto ipsec transform-set TSET esp-aes esp-sha-hmac

crypto ipsec profile cisco
 set security-association lifetime seconds 900
 set transform-set TSET
interface Loopback0
 ip address 1.1.1.1 255.255.255.0

interface Tunnel0
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 ip nhrp map 192.168.0.3 200.0.0.9
 ip nhrp map multicast 200.0.0.9
 ip nhrp network-id 100
 ip nhrp nhs 192.168.0.3
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile cisco

HUB
====
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 0.0.0.0
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
crypto ipsec profile cisco
 set security-association lifetime seconds 900
 set transform-set TSET

interface Loopback0
 ip address 3.3.3.3 255.255.255.0

interface Tunnel0
 ip address 192.168.0.3 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp map multicast 200.0.0.9
 ip nhrp network-id 100
 ip ospf network broadcast
 ip ospf priority 10
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile cisco








Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)