Thursday, December 8, 2011

DMVPN For Dummies - Phase 1 & 2 (Phase 3 Added Too Now)



R1(HUB)
=======

!
crypto isakmp policy 10
 authentication pre-share
 crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TRANSFORMSET esp-des esp-md5-hmac
  mode transport
!
crypto ipsec profile CRYPTOPROFILE
 set transform-set TRANSFORMSET
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 no ip split-horizon eigrp 1
 ip tcp adjust-mss 1360
 tunnel source f0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile CRYPTOPROFILE
 no ip next-hop-self eigrp 1 < To Be Removed If Using Phase 3 Configuration
 ip nhrp redirect
!
router eigrp 1
 network 10.0.0.1 0.0.0.0
 network 1.1.1.1 0.0.0.0
 no au
 end
!

##################################################################

R2(SPOKE 1)
===========
!
crypto isakmp policy 10
 authentication pre-share
 crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TRANSFORMSET esp-des esp-md5-hmac
  mode transport
!
crypto ipsec profile CRYPTOPROFILE
 set transform-set TRANSFORMSET
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map 10.0.0.1 123.0.0.1
 ip nhrp map multicast 123.0.0.1
 ip nhrp network-id 99
 ip nhrp nhs 10.0.0.1
 ip tcp adjust-mss 1360
 tunnel source f0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile CRYPTOPROFILE
 ip nhrp redirect
 ip nhrp shortcut
!
router eigrp 1
 network 10.0.0.2 0.0.0.0
 network 2.2.2.2 0.0.0.0
 no au
 end
!

##################################################################

R3(SPOKE 2)
===========

!
crypto isakmp policy 10
 authentication pre-share
 crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TRANSFORMSET esp-des esp-md5-hmac
  mode transport
!
crypto ipsec profile CRYPTOPROFILE
 set transform-set TRANSFORMSET
!
interface Tunnel0
 ip address 10.0.0.3 255.255.255.0
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map 10.0.0.1 123.0.0.1
 ip nhrp map multicast 123.0.0.1
 ip nhrp network-id 99
 ip nhrp nhs 10.0.0.1
 ip tcp adjust-mss 1360
 tunnel source f0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile CRYPTOPROFILE
 ip nhrp redirect
 ip nhrp shortcut
!
router eigrp 1
 network 10.0.0.3 0.0.0.0
 network 3.3.3.3 0.0.0.0
 no au
 end
!

Benefit of adding Phase 3 Configuration allows us to reduce control-plane information on Hub Router. Also it allows us to use default routing and perform summarization on Hub.


More Details :


http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.html

HTH...
Deepak Arora
Evil CCIE
Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)