cisco双hub双dmvpn配置实例.docx
《cisco双hub双dmvpn配置实例.docx》由会员分享,可在线阅读,更多相关《cisco双hub双dmvpn配置实例.docx(10页珍藏版)》请在冰点文库上搜索。
cisco双hub双dmvpn配置实例
VPN配置实例系列
(一)cisco双hub双dmvpn配置实例(原创)
2011-08-1617:
51
(HUB-1)AIR1#showrun
Buildingconfiguration...
upgradefpdauto
version12.4
hostnameAIR1
aaanew-model
!
aaaauthenticationloginloginlocalnone
aaasession-idcommon
ipsource-route
ipcef
noipdomainlookup
noipv6cef
!
multilinkbundle-nameauthenticated
usernameciscoprivilege15secret5$1$2HQI$6HPxKq33L6fHLOq.mNEJ6.
archive
logconfig
hidekeys
!
cryptoisakmppolicy10
hashmd5
authenticationpre-share
group2
cryptoisakmpkeyaddress
!
cryptoipsectransform-setesp-3desesp-md5-hmac
modetransport
!
cryptoipsecprofile
settransform-set
!
interfaceLoopback0
ipaddress
ipospfnetworkpoint-to-point
!
interfaceTunnel0
ipaddress
noipredirects
ipmtu1400
ipnhrpauthenticationtwo.auth
ipnhrpmapmulticastdynamic
ipnhrpnetwork-id10
ipnhrpholdtime600
ipospfnetworkbroadcast
ipospfpriority10
delay1000
tunnelsourceSerial1/1
tunnelmodegremultipoint
tunnelkey2012
tunnelprotectionipsecprofile
!
interfaceFastEthernet0/0
ipaddress
duplexauto
speedauto
!
interfaceSerial1/1
ipaddress
serialrestart-delay0
routerospf100
router-id
log-adjacency-changes
networkarea1
networkarea0
!
ipforward-protocolnd
iproute
linecon0
exec-timeout00
loggingsynchronous
loginauthenticationlogin
stopbits1
lineaux0
stopbits1
linevty04
!
end
-----------------------------------------------------
(HUB-2)AIR2#showrun
Buildingconfiguration...
version12.4
hostnameAIR2
enablepasswordcisco
!
aaanew-model
!
aaaauthenticationloginloginlocalnone
!
aaasession-idcommon
memory-sizeiomem5
!
ipcef
noipdomainlookup
ipauth-proxymax-nodata-conns3
ipadmissionmax-nodata-conns3
!
multilinkbundle-nameauthenticated
usernameezvpnpassword0ezvpn
usernameair2secret5$1$iT8A$btPfNBneo8ShHP1pJwRyt/
archive
logconfig
hidekeys
!
cryptoisakmppolicy10
hashmd5
authenticationpre-share
group2
cryptoisakmpkeyaddress
!
cryptoipsectransform-setesp-3desesp-md5-hmac
modetransport
!
cryptoipsecprofile
settransform-set
interfaceLoopback0
ipaddress
!
interfaceTunnel0
ipaddress
noipredirects
ipmtu1400
ipnhrpauthenticationtwo.auth
ipnhrpmapmulticastdynamic
ipnhrpnetwork-id10
ipnhrpholdtime600
ipospfnetworkbroadcast
ipospfpriority5
delay1000
tunnelsourceSerial1/2
tunnelmodegremultipoint
tunnelkey2012
tunnelprotectionipsecprofile
!
interfaceFastEthernet0/0
ipaddress
duplexauto
speedauto
!
interfaceSerial1/0
ipaddress
serialrestart-delay0
interfaceSerial1/2
ipaddress
serialrestart-delay0
routerospf100
router-id
log-adjacency-changes
networkarea1
networkarea0
iproute
linecon0
exec-timeout00
loggingsynchronous
loginauthenticationlogin
lineaux0
loginauthenticationlogin
linevty04
exec-timeout00
loggingsynchronous
loginauthenticationlogin
!
!
end
-----------------------------------------------------------------
(SPOKE-1)IOSFW1#showrun
Buildingconfiguration...
!
version12.4
!
hostnameIOSFW1
aaanew-model
aaaauthenticationloginloginlocalnone
aaasession-idcommon
memory-sizeiomem5
ipcef
noipdomainlookup
ipauth-proxymax-nodata-conns3
ipadmissionmax-nodata-conns3
!
multilinkbundle-nameauthenticated
usernameciscoprivilege15secret5$1$FfyS$.b/nQwuam1J17HEESibRB0
archive
logconfig
hidekeys
cryptoisakmppolicy10
hashmd5
authenticationpre-share
group2
cryptoisakmpkeyaddress
!
cryptoipsectransform-setesp-3desesp-md5-hmac
modetransport
!
cryptoipsecprofile
settransform-set
interfaceLoopback0
ipaddress
!
interfaceTunnel0
ipaddress
ipmtu1400
ipnhrpauthenticationtwo.auth
ipnhrpmap
ipnhrpnetwork-id10
ipnhrpholdtime300
ipnhrpnhs
ipospfnetworkbroadcast
ipospfpriority0
delay1000
tunnelsourceSerial1/0
tunneldestination
tunnelkey2012
tunnelprotectionipsecprofile
!
interfaceTunnel1
ipaddress
ipmtu1400
ipnhrpauthenticationtwo.auth
ipnhrpmap
ipnhrpnetwork-id10
ipnhrpholdtime300
ipnhrpnhs
ipospfnetworkbroadcast
ipospfpriority0
delay1000
tunnelsourceSerial1/0
tunneldestination
tunnelkey2012
tunnelprotectionipsecprofile
!
interfaceSerial1/0
ipaddress
serialrestart-delay0
routerospf100
router-id
log-adjacency-changes
networkarea1
networkarea1
networkarea1
!
ipforward-protocolnd
iproute
linecon0
exec-timeout00
loggingsynchronous
loginauthenticationlogin
lineaux0
linevty04
!
!
end
---------------------------------------------------------------------
(SPOKE-2)IOSFW2#showrun
Buildingconfiguration...
version12.4
noservicepassword-encryption
!
hostnameIOSFW2
enablepasswordcisco
!
aaanew-model
aaaauthenticationloginloginlocalnone
aaasession-idcommon
memory-sizeiomem5
ipcef
noipdomainlookup
ipauth-proxymax-nodata-conns3
ipadmissionmax-nodata-conns3
!
multilinkbundle-nameauthenticated
!
usernameiosfw2secret5$1$.S/B$cBe/jtBt23/MpNaFaZ1320
archive
logconfig
hidekeys
!
cryptoisakmppolicy10
hashmd5
authenticationpre-share
group2
cryptoisakmpkeyaddress
!
cryptoipsectransform-setesp-3desesp-md5-hmac
modetransport
!
cryptoipsecprofile
settransform-set
interfaceLoopback0
ipaddress
!
interfaceTunnel0
ipaddress
ipmtu1400
ipnhrpauthenticationtwo.auth
ipnhrpmap
ipnhrpnetwork-id10
ipnhrpholdtime300
ipnhrpnhs
ipospfnetworkbroadcast
ipospfpriority0
delay1000
tunnelsourceSerial1/0
tunneldestination
tunnelkey2012
tunnelprotectionipsecprofile
!
interfaceTunnel1
ipaddress
ipmtu1400
ipnhrpauthenticationtwo.auth
ipnhrpmap
ipnhrpnetwork-id10
ipnhrpholdtime300
ipnhrpnhs
ipospfnetworkbroadcast
ipospfpriority0
delay1000
tunnelsourceSerial1/0
tunneldestination
tunnelkey2012
tunnelprotectionipsecprofile
interfaceSerial1/0
ipaddress
serialrestart-delay0
routerospf100
router-id
log-adjacency-changes
networkarea1
networkarea1
networkarea1
ipforward-protocolnd
iproute
linecon0
exec-timeout00
loggingsynchronous
loginauthenticationlogin
lineaux0
loginauthenticationlogin
linevty04
exec-timeout00
loggingsynchronous
loginauthenticationlogin
!
!
end
IOSFW1#showcryisasa
IPv4CryptoISAKMPSA
dstsrcstateconn-idslotstatus
QM_IDLE10110ACTIVE
QM_IDLE10140ACTIVE
IOSFW2#showcryisasa
IPv4CryptoISAKMPSA
dstsrcstateconn-idslotstatus
QM_IDLE10020ACTIVE
QM_IDLE10010ACTIVE
IOSFW1#showcryipsecsa
interface:
Tunnel0
Cryptomaptag:
Tunnel0-head-0,localaddr
protectedvrf:
(none)
localident(addr/mask/prot/port):
(
remoteident(addr/mask/prot/port):
(
current_peerport500
PERMIT,flags={origin_is_acl,}
#pktsencaps:
921,#pktsencrypt:
921,#pktsdigest:
921
#pktsdecaps:
976,#pktsdecrypt:
976,#pktsverify:
976
#pktscompressed:
0,#pktsdecompressed:
0
#pktsnotcompressed:
0,#pktscompr.failed:
0
#pktsnotdecompressed:
0,#pktsdecompressfailed:
0
#senderrors2,#recverrors0
localcryptoendpt.:
remotecryptoendpt.:
pathmtu1500,ipmtu1500,ipmtuidbSerial1/0
currentoutboundspi:
0x116D44B0(0)
IOSFW2#showcryipsecsa
interface:
Tunnel0
Cryptomaptag:
Tunnel0-head-0,localaddr
protectedvrf:
(none)
localident(addr/mask/prot/port):
(
remoteident(addr/mask/prot/port):
(
current_peerport500
PERMIT,flags={origin_is_acl,}
#pktsencaps:
791,#pktsencrypt:
791,#pktsdigest:
791
#pktsdecaps:
849,#pktsdecrypt:
849,#pktsverify:
849
#pktscompressed:
0,#pktsdecompressed:
0
#pktsnotcompressed:
0,#pktscompr.failed:
0
#pktsnotdecompressed:
0,#pktsdecompressfailed:
0
#senderrors1,#recverrors0
localcryptoendpt.:
remotecryptoendpt.:
pathmtu1500,ipmtu1500,ipmtuidbSerial1/0
currentoutboundspi:
0x38CD88C8
(2)
IOSFW1#showcryengineconnectactive
CryptoEngineConnections
IDInterfaceTypeAlgorithmEncryptDecryptIP-Address
55Tu0IPsec3DES+MD50137
56Tu0IPsec3DES+MD51310
57Tu1IPsec3DES+MD50117
58Tu1IPsec3DES+MD51170
1011Tu0IKEMD5+DES00
1014Tu1IKEMD5+DES00
IOSFW2#showcryengineconnectionactive
CryptoEngineConnections
IDInterfaceTypeAlgorithmEncryptDecryptIP-Address
13Tu0IPsec3DES+MD5030
14Tu0IPsec3DES+MD5290
15Tu1IPsec3DES+MD5023
16Tu1IPsec3DES+MD5230
1003Tu0IKEMD5+DES00
1004Tu1IKEMD5+DES00
IOSFW1#showipospfnei
NeighborIDPriStateDeadTimeAddressInterface
5FULL/DR00:
00:
36Tunnel1
10FULL/DR00:
00:
37Tunnel0
IOSFW2#showipospfnei
NeighborIDPriStateDeadTimeAddressInterface
5FULL/DR00:
00:
34Tunnel1
10FULL/DR00:
00:
33Tunnel0
升级会员 