sites : 유동 ip
full mesh DMVPN with EIGRP and DHCP(Site_A 의 f0/1 and Site_B 의 f1/0 들은 ISP 로 부터 ip를 받는다.)
목적 : 1.dynamic IP address 도 HUB와 통신하여 tunnel을 구성할 수 있음을 본다.
2. Site A 와 B 간에 dynamic IP 를 이용 tunnel을 directly 구성할 수 있음을 본다.
ISP
no ip dhcp use vrf connected
ip dhcp excluded-address 20.1.1.1
ip dhcp excluded-address 30.1.1.1
!
ip dhcp pool 1
network 30.1.1.0 255.255.255.0
!
ip dhcp pool 2
network 20.1.1.0 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 20.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 30.1.1.1 255.255.255.0
duplex auto
speed auto
ip dhcp excluded-address 20.1.1.1
ip dhcp excluded-address 30.1.1.1
!
ip dhcp pool 1
network 30.1.1.0 255.255.255.0
!
ip dhcp pool 2
network 20.1.1.0 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 20.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 30.1.1.1 255.255.255.0
duplex auto
speed auto
HUB
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile IPsec-Profile
!
crypto ipsec profile IPsec-profile
set transform-set MYSET
!
ip tcp synwait-time 5
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 100.1.1.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 13579
tunnel protection ipsec profile IPsec-profile
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 100.1.1.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.1
encr aes
authentication pre-share
group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile IPsec-Profile
!
crypto ipsec profile IPsec-profile
set transform-set MYSET
!
ip tcp synwait-time 5
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 100.1.1.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 13579
tunnel protection ipsec profile IPsec-profile
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 100.1.1.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.1
Site_A
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile IPsec-profile
set transform-set MYSET
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 100.1.1.2 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp map multicast 10.1.1.2
ip nhrp network-id 1
ip nhrp nhs 100.1.1.1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 13579
tunnel protection ipsec profile IPsec-profile
!
interface FastEthernet0/1
ip address 20.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 100.1.1.0 0.0.0.255
network 192.168.2.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 20.1.1.1
encr aes
authentication pre-share
group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile IPsec-profile
set transform-set MYSET
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 100.1.1.2 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp map multicast 10.1.1.2
ip nhrp network-id 1
ip nhrp nhs 100.1.1.1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 13579
tunnel protection ipsec profile IPsec-profile
!
interface FastEthernet0/1
ip address 20.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 100.1.1.0 0.0.0.255
network 192.168.2.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 20.1.1.1
Site_B
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile IPsec-profile
set transform-set MYSET
!
ip tcp synwait-time 5
!
interface Loopback1
ip address 192.168.3.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 100.1.1.3 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp map multicast 10.1.1.2
ip nhrp network-id 2
ip nhrp nhs 100.1.1.1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 13579
tunnel protection ipsec profile IPsec-profile
!
!
interface FastEthernet1/0
ip address 30.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 100.1.1.0 0.0.0.255
network 192.168.3.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 30.1.1.1
encr aes
authentication pre-share
group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile IPsec-profile
set transform-set MYSET
!
ip tcp synwait-time 5
!
interface Loopback1
ip address 192.168.3.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 100.1.1.3 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp map multicast 10.1.1.2
ip nhrp network-id 2
ip nhrp nhs 100.1.1.1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 13579
tunnel protection ipsec profile IPsec-profile
!
!
interface FastEthernet1/0
ip address 30.1.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 100.1.1.0 0.0.0.255
network 192.168.3.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 30.1.1.1
No comments:
Post a Comment