Hola!
Continuando con DMVPN, vamos a realizar una configuración utilizando enrutamiento dinámico.
Aclaración: Router y IOS utilizado, “C7200-ADVSECURITYK9-M, Version 15.0(1)M”. Es muy importante verificar que nuestra versión de IOS cuente con las funciones necesarias. En general se recomienda utilizar, a partir de IOS 12.3.19T en adelante.
[HUB-A] ! ! hostname HUB-A ! ! ! ! crypto isakmp policy 1 encr aes authentication pre-share crypto isakmp key 6 $IPROOT$ address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 20 3 ! ! crypto ipsec transform-set IPROOT-transp esp-aes esp-sha-hmac mode transport ! crypto ipsec profile dmvpnprofile set transform-set IPROOT-transp ! ! interface Tunnel0 description Conexion a Spokes bandwidth 1000 ip address 172.23.250.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip mtu 1400 ip flow ingress ip nhrp authentication autheniproot ip nhrp map multicast dynamic ip nhrp network-id 100000 ip nhrp holdtime 600 ip tcp adjust-mss 1360 delay 1000 shutdown tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel key 100000 tunnel protection ipsec profile dmvpnprofile shared ! ! ! interface FastEthernet0/0 description WAN ip address 190.25.72.6 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress duplex auto speed auto no mop enabled ! interface FastEthernet0/1 description LAN ip address 160.38.0.1 255.255.255.0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress duplex auto speed auto no mop enabled ! ! router eigrp 1 redistribute static network 160.38.0.0 0.0.0.255 network 172.23.250.0 0.0.0.255 distribute-list 3 out no auto-summary ! ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 ! ! ! access-list 3 permit 160.38.0.0 0.0.0.255 access-list 3 permit 172.23.250.0 0.0.0.255 ! ! ! ! ! end
[SPOKE01] ! hostname SPOKE01 ! ! ! ! crypto isakmp policy 1 encr aes authentication pre-share crypto isakmp key 6 $IPROOT$ address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 20 3 ! ! crypto ipsec transform-set IPROOT-transp esp-aes esp-sha-hmac mode transport ! crypto ipsec profile dmvpnprofile set transform-set IPROOT-transp ! ! ! ! interface Tunnel0 description Conexion a Hub A bandwidth 1000 ip address 172.23.250.30 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip mtu 1400 ip nhrp authentication autheniproot ip nhrp map multicast 190.25.72.6 ip nhrp map 172.23.250.1 190.25.72.6 ip nhrp network-id 100000 ip nhrp holdtime 300 ip nhrp nhs 172.23.250.1 ip route-cache flow ip tcp adjust-mss 1360 delay 1000 shutdown tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel key 100000 tunnel protection ipsec profile dmvpnprofile shared !
interface Null0 no ip unreachables ! interface FastEthernet0/0 description WAN ip address 190.25.72.22 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow duplex auto speed auto no mop enabled ! interface FastEthernet0/1 description LAN ip address 180.29.160.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow ip tcp adjust-mss 1412 duplex auto speed auto no mop enabled ! ! router eigrp 1 redistribute static passive-interface f0/1 network 172.23.250.0 0.0.0.255 network 180.29.160.0 0.0.0.255 distribute-list 3 out no auto-summary ! ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 ! ! access-list 3 permit 172.23.250.30 0.0.0.255 access-list 3 permit 180.29.160.0 0.0.0.255 ! ! ! ! ! end
Contacto: iproot@outlook.com
Comments