Scribd Logo
Unggah

Selamat datang di Scribd!

  • DMVPN Experiment Report III - DMVPN-P3 Stage (Hierarchical - Large Scale IOS SLB Design) - Sina Blog Zen Repair Loredo

    Diunggah oleh

    Senan Alkaaby
    25 tayangan13 halaman
    DMVPN

    Judul Asli

    DMVPN Experiment Report III_ DMVPN-P3 Stage (Hierarchical _ Large Scale IOS SLB Design) _ _ Sina Blog Zen Repair Loredo

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    DMVPN

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    25 tayangan13 halaman

    DMVPN Experiment Report III - DMVPN-P3 Stage (Hierarchical - Large Scale IOS SLB Design) - Sina Blog Zen Repair Loredo

    Diunggah oleh

    Senan Alkaaby
    DMVPN

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 13

    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    2,The Same Domain DMVPN Network Domains


    A,topology:

    A,Description:
    The same domain,Spokebetween direct communication is arriving (both could have been builtSA)

    B,Configuration:
    Center
    !
    hostname Center
    !
    !
    crypto isakmp policy 10
    authentication pre-share
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    !
    crypto ipsec transform-set dmset esp-des esp-md5-hmac
    mode transport
    !
    crypto ipsec profile dmpro
    set transform-set dmset
    !
    interface Loopback0
    ip address 172.16.1.1 255.255.255.0

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 1/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    !
    interface Tunnel0
    bandwidth 1000
    ip address 10.0.0.1 255.255.255.0
    no ip redirects
    ip man 1400
    no ip next-hop-self eigrp 100
    ip nhrp authentication cisco
    ip nhrp map multicast dynamic
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp redirect
    no ip split-horizon eigrp 100
    ip summary-address eigrp 100 172.16.0.0 255.255.0.0 10
    delay 1000
    tunnel source 202.100.2.1
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile dmpro
    !
    interface FastEthernet0/0
    ip address 202.100.2.1 255.255.255.0
    auto duplex
    speed auto
    !
    router eigrp 100
    network 10.0.0.1 0.0.0.0
    network 172.16.1.0 0.0.0.255
    no auto-summary
    !
    end

    Hub1:
    hostname Hub1
    !
    !
    crypto isakmp policy 10

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 2/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    authentication pre-share
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set dmset esp-des esp-md5-hmac
    mode transport
    !
    crypto ipsec profile dmpro
    set transform-set dmset
    !
    interface Loopback0
    ip address 172.16.2.2 255.255.255.0
    !
    interface Tunnel0
    bandwidth 1000
    ip address 10.0.0.2 255.255.255.0
    no ip redirects
    ip man 1400
    no ip next-hop-self eigrp 100
    ip nhrp authentication cisco
    ip nhrp map multicast 202.100.2.1
    ip nhrp map 10.0.0.1 202.100.2.1
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp nhs 10.0.0.1
    ip nhrp shortcut
    no ip split-horizon eigrp 100
    delay 1000
    tunnel source 202.100.2.2
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile dmproshared
    !
    interface Tunnel1
    bandwidth 1000
    ip address 10.0.1.2 255.255.255.0
    no ip redirects

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 3/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    ip man 1400
    ip nhrp authentication cisco
    ip nhrp map multicast dynamic
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp redirect
    delay 1000
    tunnel source 202.100.1.2
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile dmproshared
    !
    interface FastEthernet0/0
    ip address 202.100.2.2 255.255.255.0
    auto duplex
    speed auto
    !
    interface FastEthernet1/0
    ip address 202.100.1.2 255.255.255.0
    auto duplex
    speed auto
    !
    !
    router eigrp 100
    network 10.0.0.2 0.0.0.0
    network 10.0.1.2 0.0.0.0
    network 172.16.2.0 0.0.0.255
    no auto-summary
    !
    End

    Hub2:
    !
    hostname Hub2
    !
    crypto isakmp policy 10
    authentication pre-share

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 4/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    crypto isakmp key cisco address 0.0.0.0 0.0.0.0


    !
    !
    crypto ipsec transform-set dmset esp-des esp-md5-hmac
    mode transport
    !
    crypto ipsec profile dmpro
    set transform-set dmset
    !
    interface Loopback0
    ip address 172.16.3.3 255.255.255.0
    !
    interface Tunnel0
    bandwidth 1000
    ip address 10.0.0.3 255.255.255.0
    no ip redirects
    ip man 1400
    no ip next-hop-self eigrp 100
    ip nhrp authentication cisco
    ip nhrp map multicast 202.100.2.1
    ip nhrp map 10.0.0.1 202.100.2.1
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp nhs 10.0.0.1
    ip nhrp shortcut
    no ip split-horizon eigrp 100
    delay 1000
    tunnel source 202.100.2.3
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile dmproshared
    !
    interface Tunnel1
    bandwidth 1000
    ip address 10.0.1.3 255.255.255.0
    no ip redirects
    ip man 1400

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 5/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    no ip next-hop-self eigrp 100


    ip nhrp authentication cisco
    ip nhrp map multicast dynamic
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp redirect
    no ip split-horizon eigrp 100
    delay 1000
    tunnel source 202.100.1.3
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile dmproshared
    !
    interface FastEthernet0/0
    ip address 202.100.2.3 255.255.255.0
    auto duplex
    speed auto
    !
    interface FastEthernet1/0
    ip address 202.100.1.3 255.255.255.0
    auto duplex
    speed auto
    !
    router eigrp 100
    network 10.0.0.3 0.0.0.0
    network 10.0.1.3 0.0.0.0
    network 172.16.3.0 0.0.0.255
    no auto-summary
    !
    End

    Spoke1:
    !
    hostname Spoke1
    !
    crypto isakmp policy 10
    authentication pre-share

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 6/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    crypto isakmp key cisco address 0.0.0.0 0.0.0.0


    !
    !
    crypto ipsec transform-set dmset esp-des esp-md5-hmac
    mode transport
    !
    crypto ipsec profile dmpro
    set transform-set dmset
    !
    interface Loopback0
    ip address 172.16.4.4 255.255.255.0
    !
    interface Tunnel1
    bandwidth 1000
    ip address 10.0.1.4 255.255.255.0
    no ip redirects
    ip man 1400
    ip nhrp authentication cisco
    ip nhrp map multicast 202.100.1.2
    ip nhrp map 10.0.1.2 202.100.1.2
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp nhs 10.0.1.2
    ip nhrp shortcut
    delay 1000
    tunnel source 202.100.1.4
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile dmpro
    !
    interface FastEthernet1/0
    ip address 202.100.1.4 255.255.255.0
    auto duplex
    speed auto
    !
    router eigrp 100
    network 10.0.1.4 0.0.0.0

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 7/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    network 172.16.4.0 0.0.0.255


    no auto-summary
    !
    End

    Spoke2:
    !
    hostname Spoke2
    !
    crypto isakmp policy 10
    authentication pre-share
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set dmset esp-des esp-md5-hmac
    mode transport
    !
    crypto ipsec profile dmpro
    set transform-set dmset
    !
    interface Loopback0
    ip address 172.16.5.5 255.255.255.0
    !
    interface Tunnel1
    bandwidth 1000
    ip address 10.0.1.5 255.255.255.0
    no ip redirects
    ip man 1400
    ip nhrp authentication cisco
    ip nhrp map multicast 202.100.1.3
    ip nhrp map 10.0.1.3 202.100.1.3
    ip nhrp network-id 123
    ip nhrp holdtime 300
    ip nhrp nhs 10.0.1.3
    ip nhrp shortcut
    delay 1000
    tunnel source 202.100.1.5

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 8/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo

    tunnel mode gre multipoint


    tunnel key 123
    tunnel protection ipsec profile dmpro
    !
    interface FastEthernet1/0
    ip address 202.100.1.5 255.255.255.0
    auto duplex
    speed auto
    !
    router eigrp 100
    network 10.0.1.5 0.0.0.0
    network 172.16.5.0 0.0.0.255
    no auto-summary
    !
    End

    D, experiments show:
    Centerend routing


    Hubend routing


    Spokeend routing

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 9/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo


    Others do not do too much to explain, we are now under the direct
    experienceSpoke1andSpoke2communication between
    Spoke1end ofipsec SA(temporarily only withHub1of)

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 10/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo


    Now we come toPINGunderSpoke2behind network address (172.16.5.5), twoSpokeestablished
    betweenSA.

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 11/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo


    NowTraceroute

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 12/13
    4/1/2017 DMVPNExperimentReportIII:DMVPNP3stage(hierarchical/largescaleIOSSLBdesign)__SinablogZenrepairLoredo


    Encryption and decryption

    http://blog.sina.com.cn/s/blog_a5104b15010160cj.html 13/13

    Anda mungkin juga menyukai