CCNA Video Training Series

Instant Access, Web or Mobile!

Only $99 for 30 days...
Renew at half price!

Buy/Renew

Includes FREE Practice Exams!

Member Login

Lost your password?

Not a member yet? Sign Up!

Official Lammle User Forum

Prev Previous Post   Next Post Next
  #1  
Old 10-30-2009, 12:21 PM
gabrielshorn gabrielshorn is offline
Senior Member
 
Join Date: Jul 2008
Posts: 211
Default Help with DMVPN?

Hi Everybody,

I'm trying to configure a dynamic multipoint VPN without much success. I tried using the config in the SNRS Quick Reference guide first, but it had lots of mistakes and ommissions. Next, I tried Cisco's document and that's where I am currently.

It could just be that I'm trying to do this in GNS3, but a point to point GRE worked fine. Any thought?

Here are the configs:

Hub:

Current configuration : 3190 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpngw
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip domain name greg.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes 192
authentication pre-share
group 2
crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
mode transport
!
crypto ipsec profile MYVPN
set transform-set MYSET
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nhrp authentication MYAUTH
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp holdtime 300
no ip split-horizon eigrp 100
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile MYVPN
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.0.0.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password g0ph3r
login
transport input telnet
line vty 5 1340
password g0ph3r
login
transport input telnet
!
!
end

Spoke:

Current configuration : 1506 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpnspoke
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip domain name greg.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes 192
authentication pre-share
group 2
crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
mode transport
!
crypto ipsec profile MYVPN
set transform-set MYSET
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip nhrp authentication MYAUTH
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 10.1.1.1
ip nhrp network-id 100
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
no ip split-horizon eigrp 100
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile MYVPN
!
interface FastEthernet0/0
ip address 10.2.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.2.2.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.3.3.0 255.255.255.0 Tunnel0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Spoke2:

Current configuration : 1504 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname spoke2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip domain name greg.com
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes 192
authentication pre-share
group 2
crypto isakmp key g0ph3r address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes 192 esp-sha-hmac
mode transport
!
crypto ipsec profile MYVPN
set transform-set MYSET
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.3 255.255.255.0
no ip redirects
ip nhrp authentication MYAUTH
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 10.1.1.1
ip nhrp network-id 100
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
no ip split-horizon eigrp 100
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile MYVPN
!
interface FastEthernet0/0
ip address 10.3.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.3.3.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.2.2.0 255.255.255.0 Tunnel0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Reply With Quote
 

Bookmarks
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:23 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
css.php