|
1、 Configuration:
HUB1:crypto isakmp policy 110
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set tfs esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile mypro
set transform-set tfs
!
interface Tunnel0
ip address 172.16.1.100 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp cache non-authoritative
ip ospf network broadcast
ip ospf cost 100
tunnel source 202.100.1.100
tunnel mode gre multipoint
tunnel protection ipsec profile mypro
!
interface FastEthernet0/0
ip address 202.100.1.100 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.100.100 255.255.255.0
router ospf 110
router-id 2.2.2.2
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0
HUB2:
crypto isakmp policy 110
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set tfs esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile mypro
set transform-set tfs
!
interface Tunnel0
ip address 172.16.1.101 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp cache non-authoritative
ip ospf network broadcast
ip ospf cost 105
tunnel source 202.100.1.101
tunnel mode gre multipoint
tunnel protection ipsec profile mypro
!
interface FastEthernet0/0
ip address 202.100.1.101 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 192.168.100.101 255.255.255.0
duplex full
!
router ospf 110
router-id 3.3.3.3
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0
SPOKE1:
crypto isakmp policy 110
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set tfs esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile mypro
set transform-set tfs
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip nhrp map 172.16.1.100 202.100.1.100
ip nhrp map 172.16.1.101 202.100.1.101
ip nhrp map multicast 202.100.1.100
ip nhrp map multicast 202.100.1.101
ip nhrp network-id 10
ip nhrp nhs 172.16.1.100
ip nhrp nhs 172.16.1.101
ip nhrp cache non-authoritative
ip ospf network broadcast
ip ospf priority 0
tunnel source 202.100.1.1
tunnel mode gre multipoint
tunnel protection ipsec profile mypro
!
interface FastEthernet0/0
ip address 202.100.1.1 255.255.255.0
duplex full
!
router ospf 110
router-id 4.4.4.4
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
SPOKE2:
crypto isakmp policy 110
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!crypto ipsec transform-set tfs esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile mypro
set transform-set tfs
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.0
no ip redirects
ip nhrp map 172.16.1.100 202.100.1.100
ip nhrp map 172.16.1.101 202.100.1.101
ip nhrp map multicast 202.100.1.100
ip nhrp map multicast 202.100.1.101
ip nhrp network-id 10
ip nhrp nhs 172.16.1.100
ip nhrp nhs 172.16.1.101
ip nhrp cache non-authoritative
ip ospf network broadcast
ip ospf priority 0
tunnel source 202.100.1.2
tunnel mode gre multipoint
tunnel protection ipsec profile mypro
!
interface FastEthernet0/0
ip address 202.100.1.2 255.255.255.0
duplex full
!
router ospf 110
router-id 5.5.5.5
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
SERVER:
interface FastEthernet1/0
ip address 192.168.100.1 255.255.255.0
duplex full
!
router ospf 110
router-id 1.1.1.1
log-adjacency-changes
network 192.168.100.0 0.0.0.255 area 0
2、 Validation:
SPOKE1#traceroute 192.168.100.1 source 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.100.1
1 172.16.1.101 200 msec 132 msec 180 msec
2 192.168.100.1 144 msec * 172 msec
SPOKE1#show ip route ospf
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/11112] via 172.16.1.2, 00:13:27, Tunnel0
O 192.168.100.0/24 [110/11112] via 172.16.1.101, 00:13:27, Tunnel0
SPOKE1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 2WAY/DROTHER 00:00:38 172.16.1.100 Tunnel0
3.3.3.3 1 FULL/DR 00:00:33 172.16.1.101 Tunnel0
HUB1#show ip nhrp
172.16.1.1/32 via 172.16.1.1, Tunnel0 created 00:15:14, expire 01:48:59
Type: dynamic, Flags: unique nat registered used
NBMA address: 202.100.1.1
172.16.1.2/32 via 172.16.1.2, Tunnel0 created 00:15:09, expire 01:49:05
Type: dynamic, Flags: unique nat registered used
NBMA address: 202.100.1.2
SPOKE1#show ip nhrp
172.16.1.100/32 via 172.16.1.100, Tunnel0 created 00:16:02, never expire
Type: static, Flags: nat used
NBMA address: 202.100.1.100
172.16.1.101/32 via 172.16.1.101, Tunnel0 created 00:16:02, never expire
Type: static, Flags: nat used
NBMA address: 202.100.1.101
That‘s the end. Let‘s start the discussion together!!!!
|
|