注册 登录  
 加关注
查看详情
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

CCIE那点事-李萧明

博客已转移到www.jdccie.com CCIE那点事敬请期待

 
 
 

日志

 
 

分享一个自己做的DMVPN配置试验 安魂曲  

2011-05-15 17:37:00|  分类: Vpn |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

分享一个自己做的DMVPN配置试验

试验环境:
3台3640路由器,1台3640模拟的交换机,为HUB-SPOKE结构
IOS采用:c3640-jk9o3s-mz.124-10a.bin

拓扑见附件:

配置如下:

HUB: 复制内容到剪贴板代码:hostname HUB
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.16.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1
ip nhrp authentication nhrp-pwd
ip nhrp map multicast dynamic
ip nhrp network-id 1
no ip split-horizon eigrp 1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!         
interface Ethernet0/0
ip address 172.16.16.1 255.255.255.0
full-duplex
!
router eigrp 1
network 1.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!SpokeA: 复制内容到剪贴板代码:      
!hostname Spoke1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile vpn
set transform-set myset
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Tunnel0
ip address 192.168.16.2 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication nhrp-pwd
ip nhrp map 192.168.16.1 172.16.16.1
ip nhrp map multicast 172.16.16.1
ip nhrp network-id 1
ip nhrp nhs 192.168.16.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!
interface Ethernet0/0
ip address 172.16.16.2 255.255.255.0
full-duplex
!
router eigrp 1
network 2.0.0.0
network 192.168.16.0
no auto-summary
!
ip http server
no ip http secure-server
!         
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!         
endSpokeB 复制内容到剪贴板代码:hostname Spoke2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
mode transport
!         
crypto ipsec profile vpn
set transform-set myset
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 192.168.16.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication nhrp-pwd
ip nhrp map 192.168.16.1 172.16.16.1
ip nhrp map multicast 172.16.16.1
ip nhrp network-id 1
ip nhrp nhs 192.168.16.1
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile vpn
!         
interface Ethernet0/0
ip address 172.16.16.3 255.255.255.0
full-duplex
!
!
router eigrp 1
network 3.0.0.0
network 192.168.16.0
no auto-summary
!         
ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end试验目的:了解熟悉DMVPN的工作原理,以及IPSEC-ISAKMP的两阶段工作原理
测试实验结果:使用show crypto isakm sa和show crypto ipsec sa验证两阶段的现象已经显示出动态生成的SPOKEA和SPOKEB之间动态生成的隧道

[本帖最后由 安魂曲 于 2007-7-12 15:46 编辑]附件分享一个自己做的DMVPN配置试验  安魂曲 - dc31151 - 李萧明DMVPN1.jpg(24.49 KB)

2007-7-12 15:18

分享一个自己做的DMVPN配置试验  安魂曲 - dc31151 - 李萧明

  评论这张
 
阅读(7)| 评论(0)
推荐 转载

历史上的今天

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2018