Hi Everybody,

I'm trying to configure a dynamic multipoint VPN without much success. I tried using the config in the SNRS Quick Reference guide first, but it had lots of mistakes and ommissions. Next, I tried Cisco's document and that's where I am currently.

It could just be that I'm trying to do this in GNS3, but a point to point GRE worked fine. Any thought?

Here are the configs:

Hub:

Current configuration : 3190 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpngw
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip domain name greg.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes 192
authentication pre-share
group 2
crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
mode transport
!
crypto ipsec profile MYVPN
set transform-set MYSET
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nhrp authentication MYAUTH
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp holdtime 300
no ip split-horizon eigrp 100
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile MYVPN
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.0.0.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password g0ph3r
login
transport input telnet
line vty 5 1340
password g0ph3r
login
transport input telnet
!
!
end

Spoke:

Current configuration : 1506 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpnspoke
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip domain name greg.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes 192
authentication pre-share
group 2
crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
mode transport
!
crypto ipsec profile MYVPN
set transform-set MYSET
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip nhrp authentication MYAUTH
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 10.1.1.1
ip nhrp network-id 100
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
no ip split-horizon eigrp 100
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile MYVPN
!
interface FastEthernet0/0
ip address 10.2.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.2.2.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.3.3.0 255.255.255.0 Tunnel0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Spoke2:

Current configuration : 1504 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname spoke2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip domain name greg.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes 192
authentication pre-share
group 2
crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
mode transport
!
crypto ipsec profile MYVPN
set transform-set MYSET
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.3 255.255.255.0
no ip redirects
ip nhrp authentication MYAUTH
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 10.1.1.1
ip nhrp network-id 100
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
no ip split-horizon eigrp 100
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile MYVPN
!
interface FastEthernet0/0
ip address 10.3.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.3.3.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.2.2.0 255.255.255.0 Tunnel0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end