Official Lammle User Forum
|
#1
10-30-2009, 12:21 PM
|
|||
|
|||
Help with DMVPN?
Hi Everybody,
I'm trying to configure a dynamic multipoint VPN without much success. I tried using the config in the SNRS Quick Reference guide first, but it had lots of mistakes and ommissions. Next, I tried Cisco's document and that's where I am currently. It could just be that I'm trying to do this in GNS3, but a point to point GRE worked fine. Any thought? Here are the configs: Hub: Current configuration : 3190 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname vpngw ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ip cef ! ! ! ! ip domain name greg.com ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! archive log config hidekeys ! ! crypto isakmp policy 100 encr aes 192 authentication pre-share group 2 crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac mode transport ! crypto ipsec profile MYVPN set transform-set MYSET ! ! ! ! ! ! ! ! interface Tunnel0 ip address 192.168.1.1 255.255.255.0 no ip redirects ip nhrp authentication MYAUTH ip nhrp map multicast dynamic ip nhrp network-id 100 ip nhrp holdtime 300 no ip split-horizon eigrp 100 tunnel source FastEthernet0/1 tunnel mode gre multipoint tunnel key 100 tunnel protection ipsec profile MYVPN ! interface FastEthernet0/0 ip address 10.0.0.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 10.1.1.1 255.255.255.0 duplex auto speed auto ! router eigrp 100 network 10.0.0.0 0.0.0.255 network 192.168.1.0 no auto-summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 ! ! ip http server no ip http secure-server ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password g0ph3r login transport input telnet line vty 5 1340 password g0ph3r login transport input telnet ! ! end Spoke: Current configuration : 1506 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname vpnspoke ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ip cef ! ! ! ! ip domain name greg.com ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! archive log config hidekeys ! ! crypto isakmp policy 100 encr aes 192 authentication pre-share group 2 crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac mode transport ! crypto ipsec profile MYVPN set transform-set MYSET ! ! ! ! ! ! ! ! interface Tunnel0 ip address 192.168.1.2 255.255.255.0 no ip redirects ip nhrp authentication MYAUTH ip nhrp map multicast dynamic ip nhrp map 192.168.1.1 10.1.1.1 ip nhrp network-id 100 ip nhrp holdtime 300 ip nhrp nhs 10.1.1.1 no ip split-horizon eigrp 100 tunnel source FastEthernet0/1 tunnel mode gre multipoint tunnel key 100 tunnel protection ipsec profile MYVPN ! interface FastEthernet0/0 ip address 10.2.2.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 10.1.1.2 255.255.255.0 duplex auto speed auto ! router eigrp 100 network 10.2.2.0 0.0.0.255 network 192.168.1.0 no auto-summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 ip route 10.3.3.0 255.255.255.0 Tunnel0 ! ! ip http server no ip http secure-server ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 login ! ! end Spoke2: Current configuration : 1504 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname spoke2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ip cef ! ! ! ! ip domain name greg.com ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! archive log config hidekeys ! ! crypto isakmp policy 100 encr aes 192 authentication pre-share group 2 crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac mode transport ! crypto ipsec profile MYVPN set transform-set MYSET ! ! ! ! ! ! ! ! interface Tunnel0 ip address 192.168.1.3 255.255.255.0 no ip redirects ip nhrp authentication MYAUTH ip nhrp map multicast dynamic ip nhrp map 192.168.1.1 10.1.1.1 ip nhrp network-id 100 ip nhrp holdtime 300 ip nhrp nhs 10.1.1.1 no ip split-horizon eigrp 100 tunnel source FastEthernet0/1 tunnel mode gre multipoint tunnel key 100 tunnel protection ipsec profile MYVPN ! interface FastEthernet0/0 ip address 10.3.3.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 10.1.1.3 255.255.255.0 duplex auto speed auto ! router eigrp 100 network 10.3.3.0 0.0.0.255 network 192.168.1.0 no auto-summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 ip route 10.2.2.0 255.255.255.0 Tunnel0 ! ! ip http server no ip http secure-server ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 login ! ! end 
|
Threaded Mode