Router HUB
Codice: Seleziona tutto
!
hostname HUB
!
!
multilink bundle-name authenticated
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key "KEY" address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile VIG-DMVPN
set security-association lifetime seconds 120
set transform-set DMVPN
!
!
interface Tunnel0
ip address 192.168.50.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 90
ip nhrp authentication "KEY"
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 360
ip tcp adjust-mss 1360
no ip split-horizon eigrp 90
delay 1000
tunnel source Loopback1
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile VIG-DMVPN
!
!
!
interface ATM0.1 point-to-point
ip address 89.37.11.51 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
!
!
!
interface Loopback0
description INTERFACCIA WEB
ip address 85.11.11.10 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
!
interface Loopback1
description INTERFACCIA DMVPN HUB
ip address 85.11.11.11 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
hold-queue 100 out
!
router eigrp 90
network 192.168.1.0
network 192.168.50.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
ip nat inside source route-map NAT0-RM interface Loopback0 overload
!
access-list 100 remark --DMVPN SPOKE-01--
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 remark --DMVPN sPOKE-02--
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 remark --to translate--
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
route-map NAT0-RM permit 1
match ip address 100
!
!
end
Codice: Seleziona tutto
!
hostname SPOKE-01
!
multilink bundle-name authenticated
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key "KEY" address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile VIG-DMVPN
set security-association lifetime seconds 120
set transform-set DMVPN
!
!
interface Tunnel0
ip address 192.168.50.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication "KEY"
ip nhrp map 192.168.50.1 85.11.11.11
ip nhrp map multicast 85.11.11.11
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp nhs 192.168.50.1
ip tcp adjust-mss 1360
delay 1000
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile VIG-DMVPN
!
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname xxxxx
ppp chap password xxxxx
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1350
hold-queue 100 out
!
!
router eigrp 90
network 192.168.2.0
network 192.168.50.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip nat inside source route-map NAT0-RM interface Dialer0 overload
!
access-list 100 remark --DMVPN HUB--
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 remark --DMVPN SPOKE-02--
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 remark --to translate--
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
!
route-map NAT0-RM permit 1
match ip address 100
!
!
end